Specifications include, but are not limited to: Develop guidelines to help airports of all types and sizes to: (a) identify customer data that is subject to protection; (b) implement compliant data protection management practices, policies, and systems; and (c) develop trust and accountability around data privacy practices for their individual customers. For the purpose of this study: a. Customer data includes, but is not limited to, personal identifiable information (PII) (e.g., medical, biometric, credit card, license plate information); b. Compliance requirements and cybersecurity considerations should reference documents noted in Special Note A; and c. Trust includes instilling confidence in the airport’s uses and protections of customer data (e.g., published disclosure statements, transparency and associated customer communication).
