Is eight enough for data?

The scope of the Transportation Security Administration's efforts to gather personal data about commercial air passengers is broader than lawmakers initially believed.

Sensitive passenger data from at least eight airlines and airline reservation services were given to contractors working on a computerized screening program, a Homeland Security Department official told the Senate Government Affairs Committee earlier this week. Committee members had thought TSA officials only requested passenger data from two airlines. But new information from TSA Acting Administrator David Stone revealed that officials requested more airlines' data.

Stone's confirmation to the position of assistant secretary of DHS is currently before the Senate Government Reform Committee. If confirmed by the Senate, Stone will continue to oversee TSA.

The possibility that TSA violated the Privacy Act is not expected to complicate his nomination because the practices began before he took his job.

The agency entered into cooperative agreements with four companies -- HNC Software Inc., Infoglide Software Corp., Ascent Technology Inc. and Lockheed Martin Corp. -- to perform proof of concept testing on passenger data. Company officials obtained data on passengers who flew on specific airlines, according to TSA officials.

TSA contractors have gathered data about passengers of Delta Air Lines, Continental Airlines Inc., America West Airlines and Frontier Airlines Inc. or those who had booked through Galileo International.

Stone said TSA officials did not access any of the passenger records, although they did view company presentations that included personal data.

"We are still considering what steps to take," said Andrea Hofelich, Republican spokeswoman for the committee. "We will be asking Administrator Stone some more post hearing questions."

The Privacy Act applies to government contractors that work on records systems for federal agencies. Therefore, companies must post public notices about the contents of those record systems and instruct people about how to access their own information. Those requirements were not met in this case.

"These revelations cause concern because the information was obtained without any public notice or clear guidelines for protecting the passengers' privacy," said Sen. Susan Collins (R-Maine). "Implementation of the new Computer Assisted Passenger Pre-Screening System will require similar data from airlines in order for TSA to begin testing. If TSA is to move ahead with this new system, it must ensure that data are obtained in a way that protects privacy and ensures public trust in the process."

Lawmakers also questioned whether the handling of the data violated the Privacy Act.