Airport Business - 19

LANDSIDE SECURITY
stored in airport or third-party
vendor systems.

Know Where the Data
is Coming From
. Graphics below illustrate the type of
ground transportation data collected
by airports.
The definition of data considered
personal is evolving. This data can create
a complete picture of individuals and
their visits to the airport.

Enact Privacy
Safeguards
To address privacy issues, privacy
requirements are being enacted. Some
of the key areas airports need to
incorporate into privacy policy and
procedures include:
1. N on-Disclosure Agreements
(NDA): While having an NDA in
place will not thwart a cybercrime,
it will provide a confidentiality
agreement with third parties and will
help define actions if the information
is disclosed.

3. C
 alifornia Consumer Privacy Act
(CCPA): The CCPA went into effect
on Jan. 1, codifying enhanced privacy
rights. Consumer data privacy rights
allow residents to request from
businesses the categories and specific
elements of personal information the
business collects about the consumer,
the categories of sources from which
that information is collected, the
business purposes for collecting or
selling the information, and the
categories of third parties with which
the information is shared.
4. New York Privacy Act: If passed,
it will give New York residents
sweeping, comprehensive, and
empowering consumer privacy rights.
5. State privacy laws: Each state has
some level of privacy requirements
or breach/loss of data notification
guidelines, so understanding the
requirements by state is highly
recommended.

Data Security
Safeguards
Airport IT systems are growing in
complexity. Many airports are part of a
city, county, or other organization that
implemented programmatic links to
enterprise level systems that are a very
attractive target for cyber criminals.
Airports have to address the risk of
employees with access to systems to be
the source of a breach. This includes
accidental acts that transmit or publish
airport data to unintended recipients as
well as intentional acts.

Plan Ahead
2. 
G enera l Dat a P rotec t ion
Reg u l at ion (GDPR): The
European Union's General Data
Pr ivacy Reg u lation contains
important operational requirements
concerning data minimization,
accuracy, accountability, purpose
and storage limitations, and data
protection that will require impacted
organizations to make technology and
administrative changes. The GDPR
mandates companies demonstrate
compliance, which require the
existence of policies, procedures and
documentation mechanisms.

There is no reason to expect the risk
of a data security breach will go away.
A number of models have been
developed to guide organizations in
developing a comprehensive approach
for their cyber security programs.

Internal Efforts
There are steps every airport can take
to help secure their data.
1. 
I dentify where conf idential
data and Personally Identifiable
Information (PII) resides within
the airport environment. It's critical
to identify the types of information,
specif ically related to customer
PII data and identify where that

information is housed, what systems
interact with it, and where can it go.
A data flow diagram is a helpful tool
to identify these items.
2. Risk Assessment:
* Develop a data inventory and
systems with personal, confidential,
proprietary and/or operational data
and a list of the data being stored.
* Identify the purpose, use and
authorized users of the data and
systems.
* Identify the risks of privacy and
security threats information.
*
P er for m SWOT (Streng ths,
Weak nesses, Oppor t un it ies,
Threats) analysis for systems and
data considered in-scope to.
3. Communicate with employees
and vendors the importance of the
proper use and protection of airport
systems, as well as the policies and
procedures in place to minimize
threats.
4. Conduct a review of vendors and
corresponding access to data and
systems and evaluate the adequacy of
their privacy and security programs.
5. Adopt and publish a privacy
policy addressing the airport's
handling of personal data.
6. Develop and implement a "Privacy
& Security" policy for employees.

External Efforts/
Resources
There are external resources which can
secure data.
1. Obtain consultant assistance
when resources or experience is
required.
2. R equest vendor/third-party
security certifications such as ISO
27001, NIST CSF, HITRUST, and
FedRAMP.
3. C onsider completing System
and Organization Controls
Assessment (SOC) assessments
through a third-party independent
auditor.
4. Gain an understanding of state,
national, and international
legislation related to personal
information.
5. Consider performing Payment
Card Industry (PCI) assessment
activities based on the volume or
the need for securing card data. 

AUGUST | SEPTEMBER 2020 \ AVIATIONPROS.COM / 19


http://www.AVIATIONPROS.COM

Airport Business

Table of Contents for the Digital Edition of Airport Business

Inside the Fence: Statistically Speaking...
Industry Update
The FBO Customer Experience Beyond COVID-19
Switching Seats: COVID-19's Impact on the Terminal
Data Security and Privacy at Commercial Airports
A Private Affair
Creating Quality Customer Service
Designing the 'Airport of the Future'
Will Peer-to-Peer Car Sharing be the Next Disruptor?
An Airport Takes Off
Totally Boggus: Clearing the Air
Proactive Technology Strategies for Airlines to Succeed Post COVID-19
Looking to Upgrade Your Sustainability Practices? Ask These Questions First
Product Profile: Runway Reliability - Stable Soils Make the Difference
Airport Business - 1
Airport Business - 2
Airport Business - 3
Airport Business - 4
Airport Business - 5
Airport Business - Inside the Fence: Statistically Speaking...
Airport Business - 7
Airport Business - Industry Update
Airport Business - 9
Airport Business - The FBO Customer Experience Beyond COVID-19
Airport Business - 11
Airport Business - Switching Seats: COVID-19's Impact on the Terminal
Airport Business - 13
Airport Business - 14
Airport Business - 15
Airport Business - 16
Airport Business - 17
Airport Business - Data Security and Privacy at Commercial Airports
Airport Business - 19
Airport Business - A Private Affair
Airport Business - 21
Airport Business - 22
Airport Business - 23
Airport Business - 24
Airport Business - 25
Airport Business - Creating Quality Customer Service
Airport Business - 27
Airport Business - Designing the 'Airport of the Future'
Airport Business - 29
Airport Business - Will Peer-to-Peer Car Sharing be the Next Disruptor?
Airport Business - 31
Airport Business - An Airport Takes Off
Airport Business - 33
Airport Business - 34
Airport Business - Totally Boggus: Clearing the Air
Airport Business - Proactive Technology Strategies for Airlines to Succeed Post COVID-19
Airport Business - 37
Airport Business - Looking to Upgrade Your Sustainability Practices? Ask These Questions First
Airport Business - 39
Airport Business - Product Profile: Runway Reliability - Stable Soils Make the Difference
Airport Business - 41
Airport Business - 42
Airport Business - 43
Airport Business - 44
https://www.nxtbook.com/endeavor/airportbusiness/july-august-2022
https://www.nxtbook.com/endeavor/airportbusiness/may-june-2022
https://www.nxtbook.com/endeavor/airportbusiness/march-april_2022
https://www.nxtbook.com/endeavor/airportbusiness/january-february-2022
https://www.nxtbook.com/endeavor/airportbusiness/november-december-2021
https://www.nxtbook.com/endeavor/airportbusiness/september-october_2021
https://www.nxtbook.com/endeavor/airportbusiness/july-august_2021
https://www.nxtbook.com/endeavor/airportbusiness/airport-business_may-june_2021
https://www.nxtbook.com/endeavor/airportbusiness/marchapril2021
https://www.nxtbook.com/endeavor/airportbusiness/januaryfebruary2021
https://www.nxtbook.com/endeavor/airportbusiness/december2020
https://www.nxtbook.com/endeavor/airportbusiness/Airport_Business_November_2020
https://www.nxtbook.com/endeavor/airportbusiness/october2020
https://www.nxtbook.com/endeavor/airportbusiness/augustseptember2020
https://www.nxtbook.com/endeavor/airportbusiness/Airport_Business_June-July_2020
https://www.nxtbook.com/endeavor/airportbusiness/may2020
https://www.nxtbook.com/endeavor/airportbusiness/april2020
https://www.nxtbook.com/endeavor/airportbusiness/Airport_Business_February-March_2020
https://www.nxtbook.com/endeavor/airportbusiness/Airport_Business_December2019-January2020
https://www.nxtbook.com/endeavor/airportbusiness/november2019
https://www.nxtbook.com/endeavor/airportbusiness/october2019
https://www.nxtbook.com/endeavor/airportbusiness/augustseptember2019
https://www.nxtbook.com/endeavor/airportbusiness/Airport_Business_June-July_2019
https://www.nxtbook.com/endeavor/airportbusiness/may2019
https://www.nxtbook.com/endeavor/airportbusiness/april2019
https://www.nxtbook.com/endeavor/airportbusiness/februarymarch2019
https://www.nxtbookmedia.com