The operator of Clear, a Registered Travel program, e-mailed members on Friday describing how it intends to protect all of the private information it had collected on members. The email, published in the Denver Business Journal, says, in part:
How is Clear securing personal information?
Clear stands by our commitment to protect our customer’s personally identifiable information — including fingerprints, iris images, photos, names, addresses, credit card numbers and other personal information provided to us — and to keep the privacy promises that we have made. Information is secured in accordance with the Transportation Security Administration’s Security, Privacy and Compliance Standards.
How is Clear securing any information at the airports?
Each hard disk at the airport, including the enrollment and verification kiosks, has now been wiped clean of all data and software. The triple wipe process we used automatically and completely overwrites the contents of the entire disk, including the operating system, the data and the file structure. This process also prevents or thoroughly hinders all known techniques of hard disk forensic analysis.
How is Clear securing any information in central databases and corporate systems?
Lockheed Martin is the lead systems integrator for Clear, and is currently working with Verified Identity Pass, Inc. to ensure an orderly shutdown as the program closes. As Verified Identity Pass, Inc. and the Transportation Security Administration work through this process, Lockheed Martin remains committed to protecting the privacy of individuals’ personal information provided for the Clear Registered Traveler program. Lockheed’s work will also remain consistent with the Transportation Security Administration’s federal requirements and the enhanced security and privacy requirements of Verified Identity Pass, Inc.
The computers that Verified Identity Pass, Inc. assigned to its former corporate employees are being wiped using the same process described for computers at the airports.
Will personally identifiable information be sold?
The personally identifiable information that customers provided to Clear may not be used for any purpose other than a Registered Traveler program operated by a Transportation Security Administration authorized service provider. Any new service provider would need to maintain personally identifiable information in accordance with the Transportation Security Administration’s privacy and security requirements for Registered Traveler programs. If the information is not used for a Registered Traveler program, it will be deleted.
How will members be notified when information is deleted?
Clear intends to notify members in a final email message when the information is deleted.
Who is monitoring this process?
Clear is communicating with TSA, airport and airline sponsors, and subcontractors, to ensure that the security of the information and systems is maintained throughout the closure process. Clear thanks these partners for their continuing cooperation and diligence.