Feeds

BA staff to google for snaps, dirt on biz-class passengers

Airline denies building secret dossiers on VIPs

High performance access to file storage

British Airways has denied "compiling secretive data" about its business-class passengers after launching its "Know Me" programme to personalise customers' travel plans.

The Evening Standard today reported that BA staff will be given Apple iPads and told to use Google to research key frequent flyers. The employees are encouraged to download individuals' pictures, provided by a Google Images app, to help them identify the VIPs as they arrive.

A spokeswoman at the company told The Register that BA was not holding customer dossiers in some sinister fashion, but instead described "Know Me" as a loyalty programme for those people travelling business class with the airline.

Nonetheless, it's difficult not to question the company's data-handling strategy when it offers up nuggets such as this in its press release announcing "Know Me":

Its purpose is to collate a wealth of data from every experience the customer has with the airline and translate that into meaningful service for that individual.

Which, here on the networks desk at Vulture Central, sounds an awful lot like an identity database.

The scheme is limited in scope at the moment, but BA told us that it may be rolled out to other passengers if it proves a success with punters.

In the meantime, BA staff are focussing on what the company's spokeswoman described as "captains of industry coming through the airport". The airline wants its staff to bone up on biz leaders who may already have a big media profile online.

Looking at images of those individuals on Google will apparently aid that process.

However, when quizzed, the BA spokeswoman said that no facial recognition technology (software that, for example, is already used to greet hotel guests) was being used by the international people-carrier to pinpoint top businessmen and women.

She declined to clarify exactly whether customers could opt in or out of being stalked online by BA crew ahead of them taking their seat on the plane.

"There's no tick box involved," the BA spokeswoman told us, but added that passengers uncomfortable with the service could request not to be tracked in quite such a "personalised" manner.

Add to that the fact that most business class travellers do not book their flights themselves and it becomes difficult to see how those individuals might prevent such personalisation ahead of boarding their BA flight.

The BA spokeswoman assured El Reg in an emailed statement that the company is "entirely compliant with the UK Data Protection Act" and added that the airline "would never breach that".

She added:

Know Me is simply another tool to enable us to offer good customer service, similar to the recognition that high street loyalty scheme members expect. For example, it could flag up that a customer is travelling in business class for the first time so our crew can approach them and check if they need any information about the seat.

Alternatively, if someone has experienced a delay due to weather in the past then our customer service staff can apologise for that and thank the customer for continuing to fly with us. It could also advise our staff if a customer prefers not to be approached with messages when onboard.

That final comment may concern privacy campaigners because it appears to suggest that a "personalised" database on each biz class passenger is indeed maintained by BA, but if a customer declines such a service then the crew will simply be prompted NOT to use the information on the passenger that readily flashes up on their fondleslabs.

BA hasn't updated its main privacy policy since 2009. Among other things the airline states in the meaty small print:

We retain the data you provide from time to time, including your purchase history and data we collect when you use our services and facilities. Your data may be used and retained for the following purposes: accounting, billing and audit, credit or other payment card verification and anti-fraud screening (which may, for example, involve the use of credit reference agency searches and nominal payment card revalidation checks), immigration and customs control, safety, security, health, administrative and legal purposes, statistical and marketing analysis, operation of frequent flyer programmes, systems testing, maintenance and development, customer surveys, customer relations and to help us in any future dealings with you, for example by identifying your requirements and preferences.

For these purposes we may disclose your data to any of the following who may retain that data in accordance with applicable laws: other companies in the British Airways group, airlines and other companies involved in meeting your requirements, our oneworld partner airlines and franchisees, data processing companies, travel agents, government and enforcement agencies, credit and charge card companies, credit reference agencies and screening service providers. This may involve sending your data between different countries, including countries outside the European Economic Area, including countries where under their local laws you may have fewer legal rights.

It's nearly all there: data retention, third party access etc, but sadly there's no mention whatsoever of Googling for pictures of passengers ahead of them boarding their flight. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.