America West Airlines finds itself in the unhappy position of not having the technology needed to comply with a new information-sharing requirement from the U.S. Customs Service. Consequently, all its international passengers and their bags are being searched upon arrival in the United States. That's not considered great customer service-and the carrier can ill afford unhappy customers.

The airline industry isn't the only one being enlisted to help fight terrorism by granting federal agencies access to customer information. A group of the nation's largest banks last week disclosed a plan to let government agencies check their records daily in an effort to cut terrorists off from their financial resources. And Homeland Security director Tom Ridge proposed creating a national network and database for collecting health-care data to better detect and respond to bioterrorism.

As the government steps up the war on terrorism, hundreds of companies could be called on to provide information that the government considers useful. Compliance can involve technical, legal, and ethical issues, not to mention cost. The development work America West is doing to feed data into the Customs Service's Advance Passenger Information System will cost $100,000.

Until now, the electronic transfer of international passenger lists to the Customs Service while a flight was en route was voluntary. But Customs Service commissioner Robert C. Bonner last week ordered airlines to provide passenger and crew data electronically-including scanned images of passports, visas, and other documents-by Nov. 29 or subject passengers to searches upon arrival. He's getting a jump on one of the provisions of the aviation security law, which takes effect Jan. 18; after that date, airlines also will face fines for noncompliance.

America West and its IT contractor, EDS, last week were still developing the software needed to transmit passenger lists in advance, a project that should be completed by the Jan. 18 deadline, an airline spokeswoman says. America West currently provides that information on paper to customs as planes arrive. Some airlines, mostly foreign, are also unprepared or unwilling to comply with the mandate. Carriers that fly only domestic routes ultimately may be affected, too: Bonner has spoken in favor of electronic passenger lists for domestic flights.

In the financial world, the nation's largest bank clearing company, the New York Clearing House Association LLC, and about a dozen major banks are negotiating with the government over greater access to their data. Banks now are required to report transactions of $10,000 or more to the government. "We're working out the details," New York Clearing House president Jeffrey Neubert says. But, he adds, "We won't be disclosing the specifics when they're finalized."

Fundtech Ltd., which develops software that scans wire transfers of $10,000 or more by looking for key words or phrases that could indicate a suspect transaction, is seeing increased interest in its products. The vendor plans to add artificial intelligence to its software to detect suspicious trends by analyzing stored transaction data. For instance, although a single transfer of less than $10,000 wouldn't get screened at transaction time, a series of them could be spotted in a database, prompting system monitors to look closer.

It's not as easy as it sounds. Fundtech's software comes across transactions that bear closer scrutiny every day at Washington Mutual Inc., but none of them has proven to be tied to criminal activity in the past year. "Most of the hits are soundalikes," says Beverly Mumford, VP of the wire-transfer department at the consumer and small-business bank in Seattle. Those involved in illegal activities have become more aware of sophisticated electronic surveillance and are using different methods to move funds, she adds.

Health-care providers and public agencies will have to ensure that information shared over a nationwide health network is secure, network coordinator Bersell says.

Compass Bank, a subsidiary of Compass Bancshares Inc., uses Fundtech's software to ensure that it complies with regulations set by the Treasury Department's Office of Foreign Assets Control, which enforces economic and trade sanctions against drug traffickers, certain foreign countries, and groups that sponsor terrorism. Compass Bank is careful about identifying individual customers to the government, says VP Terri Yancey, who manages the bank's wire-transfer department. "We have to follow the Gramm-Leach-Bliley privacy act," she says. Before sharing customer-specific data, Compass' security department "authenticates" both the person making the request and the legitimacy of the request itself, she says.

Privacy laws intended to protect credit, financial, and health data remain in effect. But companies generally won't run into problems for complying with legitimate requests from the government for data that otherwise would be protected, says Orson Swindle, a commissioner at the Federal Trade Commission, the agency that enforces privacy laws. "If the holder of such information provides it to investigating offices for justified purposes," he says, "I don't see how that alters what we do at the FTC."

The catch: Businesses remain legally bound to follow publicly stated privacy guidelines. Companies might want to update such policies to reflect any new data sharing that may occur, Swindle says.

Privacy is also an issue for the health-care industry as it ponders Ridge's plan to create a medical network that would be used to detect bioterrorism threats and coordinate responses among public health authorities. The system will be built on the Health Alert Network operated by Health and Human Services for linking state and local health officials with the Centers for Disease Control and Prevention. A Computer Sciences Corp. survey of more than 160 CIOs at health-care organizations found that safeguarding information is their top IT issue. Depending on how data is handled going forward, "there could be huge privacy issues," says Kevin Bersell, New Mexico's public-health network coordinator.

As part of the Health Insurance Portability and Accountability Act, "chain-of-trust" agreements must be signed between health-care organizations and other parties that share patient data. That would seem to put shared responsibility on health-care providers and public agencies to get it right. "It's a two-way street," Bersell says. "Each party has to make sure data is secure."

Those sentiments will probably be heard a lot as more businesses are asked to help in the war on terrorism.-With Eileen Colkin, Marianne Kolbasuk McGee, and John Rendleman