TSA Rules

TSA Rules

How Will The New DHS Secure Flight Rules Affect Your Business?

As previously reported, the U.S. Department of Homeland Security (DHS) has issued its Final Rule on Secure Flight. This rule shifts pre-departure watch list matching responsibilities from individual airlines to the Transportation Security Administration (TSA). ASTA filed extensive comments on the proposed rule, most of which were acted upon favorably in the final rule. In this memo we will address the main issues we raised, TSA’s resolution of them and other important aspects of the rules, using Q & A format. You can also view this on ASTA.org at anytime.Q. What is the exact information you will have to collect from each prospective air traveler?

A. There are four mandatory facts to collect:

(1) full name as it appears on the document that will be used to verify identity at the airport
(2) date of birth
(3) gender
(4) Redress Number (if the person has one)

Q. When do you have to begin asking for this information?

A. Airlines will be brought into Secure Flight individually over time and should issue directions to you. The GDSs also have to inform you about where to put the information in the Passenger Name Record. Meanwhile, ASTA recommends that you plan now how you are going to update any client profiles you keep. Profiles that pre-populate booking screens can eliminate the need to ask repeat clients the same Secure Flight questions every time they book.

Q. What happens if the passenger refuses to provide the Secure Flight information?

A. You may make the booking anyway, but you should tell the passenger that she will not be able to get a boarding pass either at home or at the airport until the information has been provided. Giving the Secure Flight information is not optional.

Q. Are there time limits on the provision of the Secure Flight information?

A. Yes. The information must be provide no later than 72 hours prior to the scheduled departure time, unless the reservation is made within 72 hours of the scheduled departure time, in which case it must be collected at the time of booking.

Q. Must we collect the Secure Flight information for both domestic and international flights?

A. Initially the program will cover only domestic flights but around September 2009 international flights will be integrated into the system.

Q. What is a Redress Number and where does a passenger get one?

A Redress Number is obtained from DHS when a passenger has had identification issues related to the terrorist watch lists but is not in fact a terrorist. Additional information regarding the DHS’ Redress program can be found online. Applying for such a number is the passenger’s responsibility, not the travel agent. It is alright if a passenger, when asked, says “I don’t have one.”

Q. Does Secure Flight have a privacy notice requirement in light of the personal information involved in the program?

A. Yes, but non-airline Web sites only have to provide the privacy notice if they are capable of taking reservations for an airline. If your Web site is just information about the agency and its services, but does not have a booking facility, you are not required by the rules to display the privacy notice.

Q. If an agency has a booking engine on its Web site, is there a particular form of privacy notice that must be displayed?

A. Yes. The rule requires specific language, as set forth below, but the requirement can be satisfied by posting a link to the TSA Web site.

“The Transportation Security Administration of the U.S. Department of Homeland Security requires us to collect information from you for purposes of watch list screening, under the authority of 49 U.S.C. section 114, and the Intelligence Reform and Terrorism Prevention Act of 2004. Providing this information is voluntary; however, if it is not provided, you may be subject to additional screening or denied transport or authorization to enter a sterile area. TSA may share information you provide with law enforcement or intelligence agencies or others under its published system of records notice. For more on TSA Privacy policies, or to view the system of records notice and the privacy impact assessment, please see TSA’s Web site at www.tsa.gov.”

Q. Are travel agents required to provide the privacy notice in telephone, personal or other non-Internet based contacts with prospective air travelers?

A. No. Agents are free, however, to inform consumers that their request for this personal information is a requirement of the federal government for security purposes.

Q. When does the government expect the entire airline industry to be able to collect and transmit Secure Flight information to TSA?

A. Within nine (9) months of publication of the final rule in the Federal Register. That publication should occur within a week. ASTA will advise when more certain implementation dates become available.

Q. Does a travel agent have to verify or validate the accuracy of Secure Flight information provided by a client?

A. No.

Q. Does the travel agent have to make a record in the PNR or elsewhere of an individual’s refusal to provide the Secure Flight information?

A. No, but it would be wise in ASTA’s view to do so.

Q. Will Secure Flight alter the way group space is blocked (without listing all travelers’ names)?

A. No. This is an important clarification that ASTA had requested in its comments. Reservations may be accepted without all of the Secure Flight information, but airlines may not request a boarding pass approval from TSA until the information is in the PNR.

Q. Does the travel agent have to ask for the Secure Flight information each time in repetitive bookings by the same passenger?

A. Not if you have stored the information electronically so it can populate the PNR screen without being re-entered.

Q. Is the government going to do anything to help educate the traveling public about these new requirements?

A. TSA says it will develop a public awareness campaign. ASTA has made input to drafts of such a campaign in the past, but we do not know at this time whether the campaign will be similar. ASTA has offered to assist the government in assuring that the messages in the campaign are framed in language that will help both consumers and travel agents understand what is required.

Q. Will the airlines be able to use the Secure Flight data entered by travel agents for marketing and sales purposes?

A. ASTA asked TSA to make clear that the information was for purposes of Secure Flight watch-list matching only and could not be so used. The explanation of the rule issued by TSA says that “TSA will _ instruct covered aircraft operators to appropriately safeguard the dated related to Secure Flight_.” We believe the intent of this language was to prohibit the airlines from using the data for marketing and sales but ASTA will seek further clarification of this point.

ASTA will continuously monitor the implementation of Secure Flight and provide you with updates and practical suggestions as to how to deal with the program as efficiently as possible.
© 2008 ASTA