Clear's privacy policy:

I wrote earlier about how Clear appears to be willing to sell its customer database to another Registered Traveler company.

It turns out that that this would be a violation of Clear's privacy policy, at least as it stood on Oct. 1 2008.

Section 3, subsection B seems pretty, um, clear:

B. None of the information that we collect may be used for any purpose outside the operation and maintenance of the Clear Services

Of course, what are the penalties for an out -of-business company that violates its own privacy policy? Come to think of it, what penalties are there for any company that violates its privacy policy?

UPDATE

I just spoke with Clear's privacy ombudsman, Professor Paul Schwartz, of the University of California, Berkeley. In his opinion selling the Clear service to another company, that continued to operate Clear would not violate this policy.

On the other hand, handing over your credit and biometric information to a another company without your consent seems, at very least, uncool.

Clear should give its former customers a way to have their data deleted immediately.

I"m going to try to get an interview with someone at Clear, so if you have any questions you'd like me to ask, drop me a  line at bob_mcmillan@idg.com

You can find the original pdf version of Clear's privacy policy here.

Text version follows:

Clear’s Privacy Policy

The Clear® Registered Traveler program (“Clear”) is owned and operated by Verified Identity Pass, Inc., a privately held

company. This program is operated in accordance with standards set and oversight conducted by the U.S. Government’s

Transportation Security Administration (TSA), a division of the Department of Homeland Security.

In this privacy statement, Clear explains the steps we take to protect the privacy, confidentiality, and security of personal

information about our applicants and members.

If, after reading this explanation, you have questions or want further information, please contact Clear’s Chief Privacy Officer.

1. WHAT INFORMATION WE COLLECT AND HOW WE USE IT

Participation in Clear is voluntary. If you choose to apply for Clear membership, we request certain information from you as

part of the enrollment process which we retain and use in connection with the administration of Clear.

A. Initial application and identity verification. Applicants are required to provide certain basic personal information about

themselves in order to initiate an application, some of which we are required by TSA to request. The information that TSA

requires us to request is full legal name, other names used, Social Security number (optional), citizenship, Alien Registration

Number (if applicable), current home address, primary and secondary telephone numbers, current email address, date of birth,

place of birth, gender and height. TSA also lists as optional, but helpful, the following personal information: home addresses,

driver’s license number and employer’s name and address.

All information that is related to you is encrypted when stored or in transit.

We recognize the sensitivity of all of this information. With respect to your Social Security number in particular, we take extra

precautions to protect it. For example, your Social Security number is stored in a separate facility and device from the personal

information that is needed for customer service issues. We have also used an extra layer of encryption to ensure the protection

of your Social Security number.

TSA also requires Clear to request that applicants appear in-person with two forms of government-issued identification (one

of which must contain a photo) – such as a passport or driver’s license. We carefully examine these documents for authenticity

using document inspection technology to detect tampering or counterfeiting. So that we have a complete record of your

application, we store in a secure database the biographical information you supply and an image of the documents you submit

to enroll. We use this information to provide customer service where your biographical information and document images are

required, such as for card re-issuance.

In order to minimize the possibility of someone committing identity fraud, we are partnering with the American Association

of Airport Executives’ Transportation Security Clearinghouse and with nationally-recognized identity verification and fraud

detection companies to compare the information you provide with publicly-available records such as telephone number

listings, as well as personally identifiable information (but not any financial information) associated with credit reports. (We

and our partners never collect or use financial information in any way in connection with Clear.) Our partner(s) will also check

your name and other identifying information against global terrorist watch lists. Although we pass your biographical data

through these identity verification processes, our partners have signed contracts agreeing not to retain, use or sell your data for

any reason.

There may be one or more mismatches between your biographical data on the one hand, and the underlying public records on

the other. For example, your Social Security number may be linked in public records to a different name and address than the

one you give us. This may be the result of someone having stolen your Social Security number or a clerical error, to name just

two possibilities. In any case, we will be able to alert you to this and will be able to assist you in correcting any mismatch if it is

an error.

Clear also collects an applicant’s credit card information for membership payment. This information is collected solely for our

use, although we must share it with a credit card processor to charge your credit card account. It is not transmitted to or shared

with TSA, and TSA does not require its collection. As an extra precaution, your credit card information is stored in a separate

facility from the personal information that we are required by TSA to request from you (described above).

B. Biometrics. Following successful initial identity verification, Clear takes your digital photo and digital images of all of your

fingerprints and your irises and stores these images in your record in Clear’s secure database – all in compliance with TSA

requirements. If you are approved for Clear membership, your biometrics are used as part of our identity verification processes

when you use your Clear card.

C. Enhanced Equipment. If you are using any of our enhanced equipment at the Clear lane, such as the shoe scanner, you may

be issued a receipt to show the TSA officer at the lane whether you have been processed by that equipment. For example, the

receipt might say that your shoes have been cleared and, therefore, that you do not have to remove them before going through

the metal detector. The receipt has your digital photo on it to ensure that you cannot switch it with someone else. But it does

not have your name, and the TSA requires its officers to destroy the receipts they collect by the end of each day.

D. Verification. When your Clear card is presented at the Clear lane kiosk, you are also asked to present your biometric —

your fingerprint or your iris image — at the kiosk to make sure it matches the biometric embedded in the card. This is our

way of making sure that the card actually belongs to you. If approval is granted, the Clear member’s entry is authorized. For

purposes of real-time maintenance and customer support (e.g., if your card doesn’t work, we need to be able to run tests to

understand why), we will maintain “log files” of entrances to local venues. However, we purge these records automatically on a

daily basis, and we have designed our network so that neither we nor any of our subcontractors can track and record members’

activities from location to location. Thus, Clear has developed a system that addresses customer service inquiries and system

maintenance needs while still ensuring the privacy of our members.

2. INFORMATION SECURITY

Clear maintains (and we require our subcontractors to maintain) administrative, physical, and technical safeguards to help us

protect your personal information and the integrity of our systems. Examples of the safeguards we employ include:

Each of our employees and the employees of our subcontractors with access to personal information must pass a background

investigation.

Each of our employees and the employees of our subcontractors with access to personal information is required to sign a

confidentiality pledge promising to adhere to Clear’s privacy rules and security procedures, with discipline up to and including

dismissal for violations.

Each of our employees and the employees of our subcontractors with access to personal information receives Privacy and Fair

Information Practices training (i) when they are hired, (ii) if the Policy is changed and (iii) annually.

Access to personal information of applicants and members by Clear employees and subcontractors is provided only on a need-

to-know basis.

..

We use user IDs, passwords and biometrics to regulate access to the personal information of applicants and members

in our systems.

..

We encrypt all personal information about applicants and members in our systems, both in transit and in storage.

..

We apply firewalls to guard our computers against outside intruders.

..

We conduct periodic data security audits. TSA also conducts periodic audits to ensure that we comply with their

standards for data security.

..

We have a regular update process for anti-virus protection and implement operating system security updates for our

network infrastructure.

3. ADDITIONAL LIMITATIONS ON APPLICANT AND MEMBER PERSONAL INFORMATION

A. We do not sell or give lists or compilations of the personal information of our members or applicants to any business or

non-profit organization. We do not provide member or applicant personal information to any affiliated or non-affiliated

organizations for marketing.

B. None of the information that we collect may be used for any purpose outside the operation and maintenance of the Clear

Services.

C. We would only disclose personal information about members or applicants if required to do so by law or legal process.

4. APPLICANT AND MEMBER ACCESS

The Record of an applicant or member in the Clear system is a slim file — as already described. However, an applicant or

member can request a copy of everything that we have in his or her information systems files for Clear identified to the

applicant or member personally, and we will provide this information. If you believe that any of the information we have about

you is inaccurate, please contact Clear Support at (866) 848-2415.

5. COMPLIANCE WITH OUR POLICIES

To assure members and potential members that Clear is following its Privacy and Fair Information Practices Policies, we have

adopted these safeguard processes:

A. Independent Audit. To provide an independent professional and technical review of Clear’s compliance with its Privacy and

Fair Information

Practices Policies, including our data security procedures, we commission an annual outside audit from an Independent Public

Accounting firm. That professional audit, and our response to it, is available to Clear members and the public who wish to see

it. This privacy audit includes audits of any Clear subcontractors who are collecting or maintaining our data.

B. Annual Privacy Report. Our Chief Privacy Officer conducts a yearly privacy and data security report which is presented to

Clear’s CEO and its Board of Directors. This Annual Privacy Report, including any problems identified and steps to be taken

to resolve those, is made available to Clear members upon request.

C. Identity Theft Warranty. Clear has put in place what we believe to be strong, effective measures to protect the security of

the limited personal information we collect from applicants and members. Because we have implemented these measures

and because the public is rightfully concerned about identity theft, we make the following promise to all applicants and

members: In the highly unlikely event that an applicant or member is the victim of identity theft (defined as the taking

of personal information of an applicant or member resulting in fraudulent transactions being made in the name of that

applicant or member), resulting from any unauthorized dissemination by Clear or its subcontractors, or theft from Clear or

Related:
1 2 Page 1
Page 1 of 2
8 pitfalls that undermine security program success