Definitely: all sectors of society have been impacted by the General Data Protection Law. Regardless of the strategies and precautions adopted, airlines are no exception.
They collect, store, use, and process various personal information every day, whether the data is received via the internet or physically. For this reason, they must comply with the... LGPDSo, what is the relationship between LGPD (Brazilian General Data Protection Law) and airlines?
What information do airlines request?
When creating an account with an airline, personal data is requested. This data will remain there, even if the user who created the account never goes so far as to purchase a ticket or use any other service.
Among the most common:
Full name
- Date of birth
- Gender
- Nationality
— CPF
- Telephone
In addition to other extra information and documents that may be requested as the user progresses through the purchase process.
Finally, sensitive data may also be requested at times. The same applies to employees. Some companies adopt facial biometrics and collect various data during the hiring process.
From the customer's perspective, the airline may request other sensitive health-related information about the person boarding their flight. It is extremely important to be aware of any special needs and to offer customized services to ensure that person's well-being and better manage the situation.
Considering the potential monitoring of minors, another concern arises. The LGPD (Brazilian General Data Protection Law) outlines specific behavioral guidelines for this age group, requiring special attention. Therefore, a significant flow of data is already evident, from the digital to the physical realm.
Furthermore, there is the arrival of people from abroad, not born in Brazil, who also need to go through a series of legal requests and obligations.
Data leaks involving airlines
In 2022, a cyberattack resulted in instability issues on TAP's website and app, affecting passengers who had difficulty accessing their booking information.
Although the company stated that operations were not affected and that the responsible department was working to correct the security flaws, there was no confirmation as to whether the attackers gained access to customer data. On August 31, the group responsible for the attack announced on its website that they had indeed managed to breach the airline's systems and that customer data had been extracted.
Also in 2022, American Airlines, one of the world's leading airlines, reported suffering a cyberattack that resulted in the exposure of its customers' personal information. This information possibly includes name, date of birth, postal address, phone number, email address, driver's license number, passport number, and medical details provided to the company.
According to the website CISO Advisor, the company sent a letter titled “Security Incident Notification” to customers on September 16. American Airlines reported that it discovered the attack in July 2022, when it realized that an “unauthorized agent had compromised the email accounts of a limited number of team members.”
What precautions should airlines take?
In short, airlines handle a vast amount of personal data every day, both digitally and physically. Information keeps coming in, and it's crucial to prevent leaks or misuse.
Therefore, investing in cybersecurity, raising employee awareness of the issue, and understanding the General Data Protection Law is undeniable.
All the precautions mentioned should be implemented in all areas of airlines, in addition to several others, which are equally important for fostering a culture of privacy.
Similarly, strengthen your privacy policy and only comply with what is clearly stated somewhere for everyone to see.
Ideally, have a professional accompanying you and someone prepared to handle all customer requests, as they seek to exercise their rights as legally provided for in the General Data Protection Law.
In conclusion, the LGPD (Brazilian General Data Protection Law) should have a positive impact on airlines, provided that all precautions are consistent and conscientious.
