The US Government is about to undertake a massive nationwide Master Data Management program. Like all big MDM programs, concerns over data quality, data governance and exception handling loom large, but there's a difference this time...
The US Government is about to undertake a massive nationwide Master Data Management program. Like all big MDM programs, concerns over data quality, data governance and exception handling loom large, but there's a difference this time: the Secure Flight program announced by the Transportation Security Administration (TSA) will be directly affecting you, me... and our great grandchildren.
The T.S.A Secure Flight program has been developed by the Department of Homeland Security (DHS) in response to a key 9/11 Commission recommendation for improving the effectiveness of watch lists at our airports, in order to enhance the security of domestic and international commercial air travel. As reported in The New York Times and on the TSA Web site, the Secure Flight program will improve upon current practices in matching passenger identities to watch lists in many ways. At first glance, this appears to be a well thought-out program that conforms to several basic tenets of Master Data Management (in bold below), in this case for the "Customer" entity.The TSA program has scope for improvement as well… but then, which MDM program doesn't? Here's how the new program will improve on the old.
Entity matching: Instead of relying on only passenger names, as happens currently -- leading to numerous instances of innocent passengers getting harassed or worse -- multiple identifying attributes will be coalesced to help uniquely determine passenger identity: passenger full name (note "full"), gender and date of birth. Right away, the remote likelihood that two different persons have the same full name and date of birth reduces error rates and the chances of a passenger being singled out unfairly. The role of gender isn't quite clear -- would they let two such passengers get away merely because they declare different genders? It's also not clear if they will be using nationality along with name and date of birth... but we hope it's a "safe" assumption that they will.
Single source of the truth and data stewardship: Information collected will be transferred to TSA, which will then verify the stated identity against a central database. TSA is taking over this responsibility from aircraft operators who, up until now, have been responsible for checking passengers against government watch lists -- clearly a vast improvement over current state in terms of data security and process integrity.
Exception handling: Passengers that get ensnared in the process -- rightly or wrongly -- will be assigned a "redress number" that they can use the next time they book a flight to get clearance for travel. As we all know, no MDM implementation is complete without a good strategy for exception handling, and it's a relief to see that the TSA has thought this one through.
However, concerns still remain. For example, in the matter of exception handling, success lies in faultless implementation -- what good is a redress number, if it cannot be resolved quickly? The specter of future abuse is even more worrisome. The TSA will keep passenger information on file for seven days for those cleared to fly, but for those who are a potential match, it will be kept for seven years... and for confirmed matches, it will be stored for 99 years.
Ninety-nine years? Would innocent descendents of today's "confirmed matches" be forced to spend their lifetimes trying to clear their good names, smeared -- possibly inadvertently, even -- generations ago?The US Government is about to undertake a massive nationwide Master Data Management program. Like all big MDM programs, concerns over data quality, data governance and exception handling loom large, but there's a difference this time...
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.