Boarding Pass Security System (BPSS) and CATSA Plus
Author: CATSA
Version: Public Summary - Privacy Impact Assessment
Date: August 2023
Executive Summary
This is a summary of the Privacy Impact Assessment (PIA) completed by the Canadian Air Transport Security Authority (CATSA) for the Boarding Pass Security System (BPSS) and CATSA Plus. CATSA, through BPSS scanners, collects information from passenger boarding cards to validate whether access is permitted to airport secure areas, and from Trusted Traveller program cards to ensure they are valid.
CATSA Plus is a screening-line infrastructure design comprised of a scalable collection of modular features to enhance passenger experience, which can include such innovations as remote x-ray analysis. CATSA shares a limited amount of passengers’ personal information collected by the BPSS with air carriers, airport authorities, and screening contractors for the following reasons:
- Ensuring compliance with Canadian aviation regulations;
- Assisting air carriers to make better decisions regarding flight departures or delays;
- Improving operations-related decisions; and
- Improving security management overall for CATSA and other aviation security partners.
The PIA was conducted using the Treasury Board of Canada Secretariat guidelines for conducting PIAs, which incorporate the ten principles of the Canadian Standards Association (CSA) Model Code for assessing fair information handling practices.
The PIA concluded that CATSA is addressing all risks with risk mitigation strategies that are in line with privacy best practices, including ensuring that:
- Only limited passenger personal information is collected and retained by BPSS.
- Only limited passenger personal information is accessible by air carriers.
- Agreements are executed with air carriers, airport authorities, and screening contractors that contain terms and conditions to protect individuals’ privacy. These provisions limit the use, disclosure, retention, and disposal of personal information.
- Accurate privacy notice statements explaining BPSS data sharing are readily available to the travelling public online.
Privacy Principles
The findings and recommendations relating to potential privacy risks for the BPSS Data Sharing Initiative below are presented in a framework consistent with the ten privacy principles of the CSA Model Code for assessing fair information handling practices.
Principle 1: Accountability
CATSA has assigned the accountability for privacy risks and their mitigation.
Principle 2: Identifying Purposes
CATSA has prepared communication material to explain the BPSS and CATSA Plus to travellers. Notice identifying the purpose of BPSS is available online.
Principle 3: Consent
CATSA considers the disclosure of passengers’ personal information, for the purposes listed above, to the air carrier issuing the boarding pass a consistent use.
Principle 4: Use
The table below illustrates the specific data elements that are available to each stakeholder:
BPSS data element | Source of info | Data available to Airports | Data available to Air Carriers | Data available to Screening Contractors |
---|---|---|---|---|
Airline Code | Barcode | Yes | Yes | Yes |
Flight Number | Barcode | Yes | Yes | Yes |
Flight Date | Barcode | Yes | Yes | Yes |
Seat Number | Barcode | No | Yes | No |
Check-in sequence number | Barcode | No | Yes | No |
Airport Code | BPSS | Yes | Yes | Yes |
Checkpoint name | BPSS | Yes | Yes | Yes |
BPSS Scan type | BPSS | Yes | Yes | Yes |
Manual Entry (“Y/N”) | BPSS | Yes | Yes | Yes |
De-personalized bar code ID | BPSS | Yes | Yes | Yes |
Scan Time | BPSS | Yes | Yes | Yes |
Wait Time | BPSS | Yes | Yes | Yes |
CATSA has included clauses in the information sharing agreements that limit the retention period for the information that is accessible by stakeholders.
Principle 5: Disclosure and Retention
CATSA limits the retention of a passenger’s name to 30 days, unless the passenger in question was involved in an incident, a security breach, or filed a complaint or claim, in which case the passenger’s name would be retained for two years. This retention practice is consistent with the requirements listed in the Privacy Regulations. CATSA has included clauses in the information sharing agreements that limit the retention period for the information that is accessible by stakeholders.
Principle 6: Accuracy
CATSA and the BPSS rely on the air carriers to provide accurate and up-to-date data on boarding passes and the airport authority to provide accurate data in the flight information system. The BPSS will identify duplicate and fraudulent boarding passes based on the accuracy of the data that is provided by air carriers and airport authorities.
Principle 7: Safeguarding
Prior to the launch of data sharing, the addition of Trusted Traveller card scanning and validation, and CATSA Plus remote x-ray analysis, CATSA officials assessed the administrative, physical and technical safeguards associated with the BPSS.
Principle 8: Openness
CATSA provides information online about the purpose for the collection of personal information by BPSS. Additionally, the Personal Information Bank PPU 100 - Boarding Pass Security Screening explains CATSA’s handling of personal information collected by BPSS.
Principle 9: Individual Access
Individuals requesting access to their personal information collected by the BPSS may forward their requests to the CATSA Access to Information and Privacy Coordinator.
Principle 10: Challenging Compliance
Individuals requesting additional information regarding the privacy management features of the BPSS may contact the CATSA Privacy Advisor at priv@catsa.gc.ca. If individuals are not satisfied with the outcome of their response, they can formally file a complaint with the federal Privacy Commissioner.
Conclusion
In conducting interviews and reviewing the documentation provided for PIA purposes, it was concluded that CATSA has incorporated privacy as a core element of the BPSS Data Sharing Initiative. CATSA will continue to assess the effectiveness of this initiative.