American Airlines recently learned that in June 2002, at the request of
the Transportation Security Administration (TSA), some passenger travel
data was turned over by an American Airlines vendor to four research
companies vying for contracts with TSA.
The discovery came as American reviewed whether it had turned over such
data to the TSA following the announcement of data releases by other
carriers. American authorized passenger names records (PNRs) held by its
vendor, Airline Automation Inc., to be given directly to the TSA. Instead,
AAI gave the data to four vendors.

American agreed to provide one week’s worth of PNRs—approximately 1.2
million records—to the TSA because of the heightened interest in
aviation security at the time and American’s desire to ensure its
passenger and crew safety following the unprecedented attacks on the World
Trade Center and Pentagon only nine months earlier. “Our desire to assist
TSA in the aftermath of the events of Sept. 11, was consistent with our
focus on safety and security,” said John Hotard, spokesperson for
American. “No passengers were harmed by the transfer of the data.”

A passenger name record is created when a passenger makes a travel
reservation and includes itinerary information. AAI required each vendor
to execute nondisclosure agreements that governed the use of the PNR data
and required the destruction or the return of the data after the project
was completed.
——-