Skip to navigation Skip to content
click here to view our 'Why' videos

Privacy Act FAQs

Privacy Act

What follows is a discussion of the Privacy Act and its application to TSA's work in a series of questions and answers set forth below.

What is the Privacy Act?

The Privacy Act is a statute that regulates the collection, use, and disclosure of personal information collected by federal agencies. We act in accordance with the Privacy Act requirements when TSA collects and stores information about individuals in records that are retrieved using their names or other personal identifiers. Agencies publish notices describing their systems of records in the Federal Register. These notices, often referred to as SORNs (systems of records notices), tell the public the name of the system, the categories of individuals whose records are included in the system, the purpose for collecting the information, the types of information included in the system, the legal authority that allows the agency to collect the information, and the situations in which the agency may disclose the information (known as routine uses). TSA has published many SORNs which cover information it collects from its employees and the public.

The Privacy Act also contains a provision, section (e)(3), that requires an agency to provide a notice to individuals when collecting personal information directly from that individual, which will be kept in a system of records. This notice, often called a Privacy Act Statement, includes, among other pieces of information; the authority under which the agency is collecting the information; the purpose for the collection; and the routine uses which may be made of the information. For example, the comment card TSA provides to passengers at screening checkpoints contains a Privacy Act Statement that informs the public that TSA collects the information in order to improve customer service and may share the information with the airport operator for those purposes. It also explains that the comment card is part of TSA's SORN, DHS/TSA 006 Correspondence and Matters Tracking Records. See 68 FR 49503-49504 (Aug. 18, 2003).

There are some instances in which personal information will be collected without providing a Privacy Act Statement. Agencies may exempt a system of records from the notice requirement pursuant to exemption (j)(2) of the Privacy Act. This exemption allows agencies to collect information for purposes of investigations into potential criminal violations without providing the (e)(3) notice. Attempts to circumvent security regulations may constitute a criminal violation. For example, if an individual enters the screening checkpoint with a concealed weapon, collection of information from the individual upon discovery does not require provision of a Privacy Act Statement.

Are TSA's Privacy Act Systems of Records exempt from certain provisions of the Act?

The Privacy Act, 5 U.S.C. § 552a(j) and (k), does allow agencies to exempt portions of systems of records from specific provisions of the Privacy Act. In order to do this, agencies must issue a Notice of Proposed Rulemaking (NPRM) in the Federal Register and the public has an opportunity to comment on the NPRM. TSA has claimed exemptions from specific provisions of the Privacy Act for some of its systems of records. See Privacy Act of 1974: Implementation of Exemptions, 71 FR 44223. For example, TSA has exempted portions of its enforcement system of records, DHS/TSA 001 Transportation Security Enforcement Record System (TSERS) from the access provisions of the Privacy Act pursuant to 5 U.S.C. § 552a(k)(1), (k)(2) and (j)(2). We've claimed these exemptions because some of these records relate to criminal investigations and access to the records could inform the subject of the records of the investigation or could permit the individual to impede the investigation or avoid detection or apprehension, which undermines the entire system.

This does not mean that every record in the system is exempt from access. For example, if you have been involved in an incident at a TSA checkpoint and you believe a report has been made by TSA, you can make a Privacy Act request to ascertain whether any records exist and, if so, obtain a copy of the records. Requests for records can be made to the TSA FOIA Office at Transportation Security Administration, Freedom of Information Act Office, TSA-20, 601 South 12th Street, Arlington, VA 22202-4220 or

Does the Privacy Act apply when I show my boarding pass and government-issued identification to TSA personnel before entering the screening checkpoint?

As a general rule, the Privacy Act does not apply when you show your boarding pass and government-issued identification to TSA personnel before entering the screening checkpoint because TSA is not collecting any of your personal information for future use. The Privacy Act only applies when TSA takes your personal information and stores it in a system of records for future use.

Does the Privacy Act apply when TSA keeps a record of my personal information?

If you are asked to provide your ID to TSA personnel and they write down your name/personal identifier on a report that we retrieve by your name /personal identifier, we keep that information in accordance with the Privacy Act. In some instances, however, the information may be recorded on a report retrieved by the date, not by personal identifier. In these instances the Privacy Act would not apply.

What are some of the common circumstances under which TSA will collect personal information about a traveler?

Personal information about a traveler may be collected under circumstances such as the following: upon presentation of false or fraudulent identification; upon discovery of a weapon or other unlawful item; after response by law enforcement to handle a disturbance or make an arrest; when a member of the public is injured or sick; when there is a claim of damaged, lost or stolen property; when there is a disputed screening determination, or when there is any incident at the checkpoint for which screeners may make an incident report.

Are comment cards available at the checkpoints?

At present, comment cards are available at some screening checkpoints and we are exploring options for making the comment card more widely available. If a comment card is not available at your checkpoint, you may always forward your comments to the TSA Contact Center at at any time.

Are travelers required to provide ID when they request a comment form at a TSA checkpoint?

Travelers may always submit anonymous comments to TSA either by filling out a comment card or by forwarding comments to the TSA Contact Center at Travelers should keep in mind that TSA personnel are authorized to collect personal information in connection with screening checkpoint incidents. If the TSO would ordinarily collect identifying information in connection with an incident, the traveler's request for a comment card will not insulate the traveler from the need to provide the information.