The Transportation Security Administration (TSA) continues to investigate the circumstances surrounding the loss of a Clear®- owned laptop computer on July 26 that contained unencrypted data of approximately 33,000 customers. TSA has verified that a laptop was discovered by Clear® officials yesterday at San Francisco International Airport (SFO). It was voluntarily surrendered to TSA officials for forensic examination.TSA’s regulatory role in this matter is as follows: Every commercial airport is required to have an approved airport security plan. So Registered Traveler is part of that comprehensive plan at the airports where it operates. Under the airport security plan, the sponsoring entity, (SFO in this case) is required to assure its vendors have an approved information security program. Because the computer at SFO was not encrypted it is in violation of the airport’s security plan.
TSA also has the ability to go directly to vendors when the plan is not being adhered to so TSA is conducting a broad review of all Registered Traveler providers’ information systems and data security processes to ensure compliance with security regulations.
Clear® needs to meet the information security requirements that they agreed to as part of the Register Traveler program before their enrollment privileges will be reinstated. Encryption is the wider issue as opposed to one incident with one laptop. So for now, Clear® enrollments remain curtailed.
Current customers will not experience any disruption when using Registered Traveler.
Eos Blog Team
