Skip to main content

Not "Clear" What Happens to Passenger Data.....

Bad news if you were a frequent flyer who ponied up the $199 annual fee to participate in Verified Identity Pass, Inc.'s registered traveler program, branded as "Clear." Last night, the company announced that it was "unable to negotiate an agreement with its senior creditor" and shut down. Membership fees will not be refunded.

The bigger concern is what will happen to the (very) personal information of some 260,000 travelers who had registered and been "cleared." In order to receive a Clear card, you had to provide substantial background information, fingerprints and iris scans. In its announcement, Clear Lanes Are No Longer Available, the website says that the company will take "appropriate steps" to delete its customers' personal data. Given some of the prior history of the company with respect to securing that information, I am not reassured by that statement.

Last year, the company acknowledged temporarily losing an unencrypted laptop at San Francisco International Airport that contained the personal data of approximately 33,000 of its customers. In a press release, the Transportation Security Administration announced at the time that it was temporarily suspending Verified Identity Pass' operations of the Clear program until VIP got its security house in order. The question is: now what? Does a bankruptcy judge decide what happens to the data? Will those whose information is in the database be informed in a manner other than a post on the company website? What methods will this now-defunct company use to "delete" the wealth of personal data it has on 260,000 Americans and how can those people be assured that any such deletion is reliable (I'll be interested in hearing about that...)?

Tip of the iceberg...............

Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.