As technology continues to evolve, airports and airport users are collecting more and more data from passengers, airport users, tenants, concessionaires, airlines, and others. Airports and their tenants also are beginning to consider whether and how to monetize the data collected. A wide range of functions within the airport environment will utilize this data, including legal, management, operations, marketing, information technology, and planning and development. People who seek to gather and use this data may not consider or be aware of the legal requirements or implications, including those related to public records, data privacy, data breach, and Payment Card Industry Data Security Standard (PCI DSS) compliance.
The objective of this research was to provide guidance to the collectors of data with respect to the applicable laws, including federal, state, and international, the compliance requirements, and the consequences of non-compliance. The digest includes a survey of applicable law, recommendations for the collection and safe keeping of data, and a review of the issues that arise related to data collection among airports, their tenants, and other users and how to address them.