Republican Senators Question the Security of Collecting Health Information from Airline Passengers

A group of Senators Tuesday questioned the security of the Centers for Disease Control and Prevention’s continued order to collect personal data from airline passengers in an effort to contract trace COVID-19 cases.

“We write to express concerns about the impact this policy could have on the privacy and data security of the American flying public,” the senators wrote in a letter to White House COVID-19 Response Coordinator Jeffrey Zients. “It is unclear at this time whether the aviation industry is equipped to collect and retain more personal information from passengers than it does today and share it across multiple proprietary systems before responsibly and securely transmitting it to the CDC.”

Several Republican senators on the Senate Committee on Commerce, Science, and Transportation, including Sens. Roger Wicker, R-Miss., John Thune, R-S.D., Deb Fischer, R-Neb., Marsha Blackburn, R-Tenn., and Rick Scott, R-Fla., signed the letter. 

The order, signed by CDC Director Rochelle Walensky on Oct. 25, requires all airlines arriving into the U.S. from a foreign point of departure to collect five passenger data elements. The data, including passenger names, U.S. address, email address, and primary and secondary phone number, builds on a previous rule issued by the CDC in February 2020.

Airline passengers arriving to the U.S. from foreign locations will be required to report this information to the CDC. 

Other eligible data the CDC could request from passengers includes dates of birth, departure and arrival locations, airline and flight numbers, passport numbers, and seat numbers.

Pursuant to the order, all airlines shuttling international flights into the U.S. will be required to submit this data to the CDC within 24 hours following a formal request from the agency. They will also need to retain passenger data for 30 days following the flight’s departure. 

The order also noted that if the requested data is transmitted from the airline to an “established” Department of Homeland Security system, it will be entered in Homeland’s Automated Targeting System, where it can remain for up to 15 years. 

The senators’ letter cites criminal hackers and spies from foreign governments as two primary threats to American data stored on CDC and Homeland Security networks. The senators also ask how long the data will be retained by CDC officials, and if it will be used for purposes aside from contract tracing. 

The CDC wrote in the order that these data “are necessary for identifying and locating passengers and crew members who may have coronavirus disease 2019 (COVID-19) or may have been exposed to a person with COVID-19 or another communicable disease of concern.” 

The agency also added that it intends to use the designated data elements solely for public health follow-up purposes with federal and local government agencies. 

Regardless, the senators say that the American public should be thoroughly informed of the required data collection on international flights. 

“The traveling public must be informed of the potential costs this order could impose on their privacy,” the press release stated. 

Nextgov reached out to the CDC for comment.