Privacy Policy

The Canadian Air Transport Security Authority (CATSA) is committed to protecting your personal information and your right to privacy. 

This privacy policy describes how we collect, use and disclose personal information, as well as your rights over your information.

Our Chief Privacy Officer is responsible for overseeing what we do with your information and for monitoring compliance with this policy and the Privacy Act

If you have questions or concerns regarding our privacy policy or practices, you can contact CATSA’s Privacy Office by email at priv@catsa.gc.ca

Policy Statement

The purpose of this privacy policy is to explain how personal information is collected, used or disclosed by CATSA, as well as outline CATSA’s commitment to protecting personal information with the utmost responsibility and care.

In the course of its daily activities, CATSA, a federal Crown corporation, may gather personal information from individuals in order to fulfil its mandate of aviation security.

CATSA is committed to protecting personal information in accordance with Canada’s Privacy Act, its regulations, and applicable Treasury Board of Canada Secretariat policies, directives and guidelines. This policy was developed according to these requirements and the privacy principles underlying Canadian and international privacy protection laws.

CATSA recognizes the importance of the protection of personal information as an essential element in maintaining public trust.  CATSA achieves this through the implementation of this policy, through sound personal information handling and management practices, and the delegation of clear accountabilities in the administration of CATSA’s privacy program. 

What CATSA doesn’t collect:

CATSA does not collect personal information from passengers and non-passengers who walk though metal detectors or undergo a full body scanner.

Metal detectors are designed only to alert screening officers if non-permitted items are detected. Similarly, full body scanners only alert screening officers of areas of interest where objects may be revealed under clothing, but do not collect images containing identifiable personal information. These images are generic, immediately and permanently deleted, and cannot be used to identify individuals.

What personal information does CATSA collect and why?

CATSA may collect the following types of personal information from passengers and non-passengers in order to perform its mandate as Canada’s civil aviation security screening authority responsible for delivering screening services.

Detailed information on CATSA’s personal information holdings including legal authorities, purposes of collection, uses, who / what entities CATSA shares personal information with and for how long personal information is retained, is published in CATSA’s InfoSource.

Temperature Screening - As of July 30, 2020 and September 23, 2020 CATSA is mandated by the Interim Order Respecting Certain Requirements for Civil Aviation Due to COVID-19 No. 4 and any amendments thereto (“Interim Order”) pursuant to section 6.41(1) of the Aeronautics Act, to conduct temperature screening at the airports listed in the Interim Order. 

This activity applies to anyone who presents themselves at a passenger or non-passenger screening checkpoint, other than: an infant; a person who provides a medical certificate certifying that their elevated temperature is not related to COVID-19; a member of emergency response provider personnel who is responding to an emergency; or a peace officer who is responding to an emergency.

The purpose of temperature screening is to limit the spread of COVID-19.  This activity is a key element in the Government of Canada’s multi-layered approach to protecting public health and ensuring passengers and non-passengers entering the restricted area do not exhibit symptoms of COVID-19 in order to limit the spread of COVID-19.

Any person who presents themselves at a screening checkpoint for the purpose of entering into a restricted area at the designated airports and has an elevated temperature as set out in the Transport Canada Temperature Screening Standards will be denied access to the restricted area.  They will be notified that they are not permitted to board an aircraft for a flight originating in Canada or enter a restricted area at any airport in Canada for a period of 14 days after the denial, unless they provide a medical certificate certifying that their elevated temperature is not related to COVID-19. For more information about the screening process, please see: Measures taken in response to COVID-19,

Personal Information will only be collected, used, disclosed and/or retained if the individual has an elevated temperature following the second of two temperature screenings. 

Type of personal information
Description
Why it is collected
Passenger Temperature Screening Name, flight information, checkpoint location and that the passenger has an elevated temperature. 
  • Your name, flight information and checkpoint location are collected so that they may be disclosed to your air carrier to retrieve your checked baggage and to notify them that you have been denied access to the restricted area. 
Non-Passenger Temperature Screening Name, Restricted Area Identity Card (RAIC) number of other document of entitlement identifier, checkpoint location and that the non-passenger has an elevated temperature. 
  • Your name, RAIC number or other document of entitlement identifier and checkpoint location are collected so that they may be disclosed to the airport authority (or to the air carrier, in the case of crew members) to notify them that you have been denied access to the restricted area due to an elevated temperature reading. 
Boarding Pass Information Passenger name, flight information and scan information such as time of  scan, screening checkpoint location, etc.
  • To verify the validity of boarding passes used by the travelling public at Canadian airports.
  • To investigate and respond to aviation security incidents, passenger complaints and claims.
  • To improve operational and security related decisions.

Closed-Circuit Television (CCTV)

Video recordings of individuals captured in CATSA security screening checkpoints, and at our corporate offices
  • To investigate and respond to:

• Aviation security incidents

• Complaints and claims

• Screening-related performance events

  • To manage testing program and audits.
  • Oversight and operational compliance.
  • To monitor passenger volumes and/or assess the number of screening lines in operation.
  • To ensure the security, health and safety of screening personnel, passengers, non-passengers, CATSA employees and members of the public, as well as the security of their property.
  • To develop and support training and certification of screening personnel.
  • To monitor access to and security of corporate offices.
X-ray images X-ray images of items, including carry-on and checked baggage, belonging to passengers and non-passengers
  • To ensure the security and safety of screening personnel, passengers, non-passengers, CATSA employees and members of the public, as well as the security of their property.
Aviation Security Incident Information

Passenger personal information, such as  name, flight information, boarding pass information, incident details (e.g., x-ray images of baggage, CCTV footage, incident details).

Non-passenger personal information including employer information.

  • To investigate and review aviation security incidents that occur at one of CATSA’s security screening checkpoints.

Claims, complaints and inquiries

Name, contact information, complaint / claim, incident details.
  • To support the resolution of passengers' and non-passengers’ claims (loss of property, injury), complaints and inquiries.
Access to information / privacy requests Requestor name and contact information 
  • To process requests made by individuals for CATSA records or for access to their own personal information.

 

Mandatory Privacy Policy Requirements

CATSA is a federal Crown corporation committed to protecting personal information in accordance with Canada’s Privacy Act.

CATSA recognizes and accepts its responsibility to protect the privacy of individuals who interact with CATSA and to safeguard their personal information with adherence to, and respect for the following privacy principles:

Collection

  • CATSA does not collect more personal information than necessary to fulfil the purpose for which it is collected.
  • Personal information is collected directly from individuals, or otherwise with the individual’s consent or as permitted by law.

Accuracy

  • CATSA takes all reasonable steps to ensure that personal information used in a decision-making process is accurate, up-to-date, and complete as possible.

Use and Disclosure  

  • Personal information may only be used for identified purposes or consistent purposes as outlined in InfoSource.
  • CATSA will only disclose personal information with the consent of the individual or as permitted by the Privacy Act or any other applicable law (e.g., disclosures to law enforcement agencies as per Section 8(2) of the Privacy Act). 
  • Personal information collected for temperature screening will be used for the purposes outlined in the Interim Order, pursuant to section 6.41(1) of the Aeronautics Act.  It will be disclosed for the purpose of notification to air carriers and airport authorities, or reporting or notifications as otherwise required by law as permitted by the Privacy Act and other applicable legislation.

Safeguarding Personal Information

  • We treat your personal information strictly confidential and we have implemented appropriate physical, organizational and technical security measures designed to help protect your personal information against loss or theft, unauthorized access, disclosure, copying, use or modification.
  • CATSA restricts access to personal information on a need-to-know basis and provides training to ensure safeguarding measures are followed.

Retention and Disposal of Personal Information

  • CATSA retains personal information for only a period of time that is necessary, to meet legal, business and legislative requirements for CATSA, the Government of Canada, and Canadians, after such time, it is permanently destroyed in a secure manner. 
  • Standard retention periods for CATSA’s personal information holdings are as follows, unless information is related to an aviation security incident, subject to a legal action, audit, investigation, or an access to information and / or privacy request:
    • CCTV images and video footage: 30 days
    • Boarding pass information: 30 days
    • Personal information related to aviation security incidents: 6 years after resolution
    • X-ray images: images are overwritten, therefore retention periods vary depending on the volume of images processed at each particular checkpoint, (e.g., the busier the checkpoint, the faster the images are overwritten)
    • Passenger complaints, claims or enquiries: 6 years after resolution
    • Access to Information / Privacy Requests: 2 years
    • Temperature Screening: 2 years

Individual Access

You may submit a privacy request to access personal information that CATSA collects and retains about you or to request a correction to your personal information. Click here to learn more about how to submit a privacy request.

Monitoring, Reporting and Reviews

CATSA conducts monitoring activities to ensure compliance with this policy.

CATSA fulfils annual reporting obligations. Annual Reports on the Administration of the Privacy Act can be found on the CATSA website, as well as the Government of Canada’s website.

Changes to the Privacy Policy

This Policy is reviewed regularly for effectiveness against legislative compliance.

Last updated on March 30, 2020. 

Need More Information?

Questions about this policy or other CATSA privacy questions may be sent to priv@catsa.gc.ca.

If you are not satisfied that we have adequately respected your privacy, you may wish to contact the Office of the Privacy Commissioner at www.priv.gc.ca.

CATSA’s Website

CATSA is committed to respecting the personal privacy of individuals who visit our website. This section summarizes CATSA’s privacy policy and practices when individual’s visit our website.

  • CATSA does not automatically gather any personal information from you, such as your name, phone number, e-mail or street address during your visit to its website. This information is only obtained if you supply it voluntarily by contacting us via e-mail and completing an on-line form.
  • All personal information you do provide is protected under the Privacy Act. This means that, at the point of collection, you will be informed that your personal information is being collected, the purpose for which it is being collected and that you have a right of access to the information.
  • CATSA employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. This software receives and records the Internet Protocol (IP) address of the computer that has contacted our website, the date and time of the visit and the pages visited. We make no attempt to link these addresses with the identity of individuals visiting our site unless an attempt to damage the site has been detected.
  • Information on individual visitors (when supplied through an on-line form) is used by CATSA employees to respond to claims, complaints and inquiries. We only share the information you give us with other government departments if it relates to that department. We do not use the information to create individual profiles, nor do we disclose this information to anyone outside of the federal government unless permitted by law.
  • CATSA uses Google Analytics, a Web analytics service provided by Google Inc. to help measure traffic patterns to, from, and within its public websites.  This analytics measurement tool uses "session" and "persistent" cookies to collect standard Internet log information and to track visitor behaviour information anonymously.  This information is collected under the authority of the Financial Administration Act, and in accordance with the Communications Policy of the Government of Canada. To protect the privacy of our website visitors, we require Google to subject Internet Protocol (IP) addresses to an anonymization process during the data collection stage.  For additional information, refer to IP Anonymization in Google Analytics.  Google receives non-personal visitor use information, which is generated by the cookies.  We use this anonymous aggregate data and statistical information to evaluate visitors' use of the website.  This information, which helps us make our website more useful to visitors, is only available to Web managers and designated staff who require this information to perform their duties.  If you wish, you may opt out of being tracked by Google Analytics by disabling or refusing the cookies.  Visiting our website with cookies disabled will have no significant impact on your browsing experience.  You can set your browser to detect and reject cookies.  Please consult your browser's Help Menu for instructions. As Google Inc. is an American company it is subject to the USA Patriot Act and it is possible that information collected via Google Analytics could be made available to law enforcement. For further information, consult Google Analytics and its privacy policy.