With Clear's airport security dissolving, what happens to all that personal data?
After days of uncertainty following Verified Identity Pass's abrupt shutdown last week, representatives of the defunct company are coming forward with at least some data on what will happen to the large collection of personally identifiable information (PII) it acquired from its customers.
In a letter to former members that's also posted to its Web site, Clear Customer Service attempted to address at least a few of the questions that have come up. The company (the letter was unsigned) reiterated that the data "is secured in accordance with the Transportation Security Administration's Security, Privacy, and Compliance Standards." The company revealed that Lockheed, which has been the firm's lead systems integrator, is working with parent company Verified Identity Pass, Inc. and the US Transportation Safety Administration "to ensure an orderly shutdown as the program closes."
Laptops, both those used at airport check-in stations and those used by former employees, are undergoing the "triple-wipe process." It all sounds very sanitary, though studies (PDF available here) indicate that unless the drives are more than a few years old, one wipe will actually do -- if it's the Secure Erase process or another process meeting the specifications lain out by NIST 800-88, the National Institute of Standards and Technology Guidelines for Media Sanitization. (Whether that's the case isn't clear from the letter.) The company says it will notify members via e-mail when the process is completed.
Though the company didn't exactly rule out the sale of PII, it took some trouble to lay out the parameters of any potential sale. "The personally identifiable information that customers provided to Clear may not be used for any purpose other than a Registered Traveler program operated by a Transportation Security Administration authorized service provider," the letter explained. "Any new service provider would need to maintain personally identifiable information in accordance with the Transportation Security Administration's privacy and security requirements for Registered Traveler programs. If the information is not used for a Registered Traveler program, it will be deleted."
And about those refunds? Forget it -- your money's in limbo, especially since the company not actually in bankruptcy. Limbo everywhere, it seems -- sort of like being stuck at the airport between flights.