Data Protection, timescales and aeroplanes

S

(Shovel)

Guest
Ello all, after a bit of help with a Uni project.

We've got a big development project based around a ficticious Flight Operator. It's essentially to design a complete computerised system for customer bookings through to flight and fare management and marketing.

It's marketing where things get a little legal. Data Protection is something I'm trying to cover, since we have to provide a presentation on the project, but not from a "technical" angle (more for the perspective of the company itself).

Now, DP principal number 5 says that data should not be held for "longer than is necessary". Nice an exact.

1) So, this system takes the name and contact details of passengers, once they've been on their flight, so far as I can see there is no need for the company to keep their details. However, this is dedicated to air travel, so are there any police requirements to keep hold of passenger details for a length of time after they fly?

2) There is a club for frquent fliers - usual points means prizes type set up. Now, my understanding is that joining the club would include opting in to keeping the link between you and your flights for longer than this, which for the company provides direct mail oppotunities etc. Is this correct? Or would even club members be protected to have their details separated from their flights after a length of time?

3) Payment: Payment details get stored, after the money has been taken, is there any reason to keep this? I've been told that there may be company tax reasons to hold on to it, if that's true, does that mean holding on to the whole hog - names, addresses, card numbers everything? Or just some specific key information?

4) Is it correct that once a link between a flight and a passenger is broken (the flight information made anonymous) there is no problem with keeping the flight info forever?


Essentially, I'm after knowing how long each section of data needs to be/can be kept for, so that this can be made part of the design, and presented to the company.

Thanks very much,

Ben
 
B

bids

Guest
We cover alot of DP issues at work with patient information (NHS), but I'm not sure how this relates to your airline stuff. But with my limmited knowledge:

1) As far as DP goes, there is no longer a need to keep personal data, but there were special provisions made for the retention of data under the prevention of terrorism act (re. Sept. 11) - not sure if the security services/police may require you to keep the info longer.

2) As long as they are made aware in the joining 'bumf' that there flight usage info is kept with their membership details, they have 'opted in' and therefore shouldn't be a problem. However, multiple bookings, etc, - you cannot store personal information that relates to other individuals not opting in (where they are in a party/group booking).

3) In the NHS, we have a five year retention schedule for finance info - dunno whether this applies, but the finance bods should be able to answer this one.

4) As long as it is anonymous, correct.

Hope this helps :)
 
T

Tom

Guest
1) Doesn't the passenger manifest contain their details?
 

Users who are viewing this thread

Top Bottom