JetBlue Hits Turbulence For Violating Customer Privacy Policy - InformationWeek
01:14 PM

JetBlue Hits Turbulence For Violating Customer Privacy Policy

Under fire for violating its own privacy policies, JetBlue says it won't participate in a computer-assisted passenger pre-screening system unless mandated by law.

A group of passengers has filed a class-action lawsuit against JetBlue Airways Corp., charging the airline with violating its own privacy policy by providing a military contractor with passenger data. The suit, filed Monday in Utah's 3rd District Court, comes on the heels of a complaint filed Monday with the Federal Trade Commission by a privacy watchdog group over the same incident.

The lawsuit charges JetBlue with fraudulent misrepresentation, breach of contract, and invasion of privacy and seeks unspecified compensatory damages but no punitive damages.

JetBlue admitted Monday that it provided passenger names, addresses, and phone numbers to Torch Concepts Inc., a defense contractor that develops data-mining and pattern-recognition technology to identify potential terrorists. Torch Concepts used the data as part of a risk-assessment study to improve security at military bases.

On Monday the Electronic Privacy Information Center, a privacy advocacy organization, filed a complaint with the FTC against JetBlue and Acxiom Corp., a marketing database company, charging the two with violating consumer protection laws by providing Torch Concepts with customer data. The complaint says JetBlue provided information on 1.5 million passengers.

The privacy information center says Torch Concepts combined the JetBlue information with additional personal information from Acxiom, including demographic data and Social Security numbers, to determine if passengers could be deemed a security risk, according to the privacy information center complaint.

The privacy information center's complaint charges that JetBlue's and Acxiom's actions violated privacy policies posted on their Web sites. Violating published privacy policies is fraudulent under consumer protection laws.

JetBlue has already issued a public apology for the incident. Monday the airline released a statement saying it has retained the Deloitte & Touche consulting firm to "assist the airline in its analysis and continued development of its privacy policy" in light of the incident. The airline has not yet seen the class-action lawsuit and wouldn't comment.

Acxiom, in a statement, denies that data-processing work it performed for Torch Concepts under contract with the Department of Defense violated its privacy policy. Acxiom's policy, the company says, clearly states that the company provides information such as financial data and Social Security numbers to government agencies "for the purposes of verifying information, employment screening, and assisting law enforcement."

The privacy information center also filed Freedom of Information Act requests with the Federal Aviation Administration, the Transportation Security Administration, and the U.S. Army (which commissioned the Torch Concepts work) seeking additional information about the anti-terrorism screening program.

JetBlue provided passenger itinerary data--but not credit-card or payment information--to Torch Concepts "at the special request of the Department of Defense," according to the airline's statement. JetBlue also said it has been told by Torch Concepts that no "identifiable customer data" was shared with other parties, including the Defense Department or the transportation security administration, and that all the data has been destroyed.

JetBlue also said it has decided, unless mandated by law, that it will not participate in the CAPPS II (computer-assisted passenger prescreening system) program now being developed by the transportation security administration. JetBlue had initially agreed to participate in the development of CAPPS II.

The FTC has "been very active" in enforcing privacy regulations, "so we take allegations like this very seriously," says FTC spokeswoman Claudia Bourne Farrell. She could not say how long it will take to investigate the privacy information center complaint, although she said such complaints are often resolved by the parties through negotiation and consent decrees.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll