The Canadian Air Transport Security Authority (CATSA) is committed to protecting your personal information and your right to privacy.
This privacy policy describes how we collect, use and disclose personal information, as well as your rights over your information.
Our Chief Privacy Officer is responsible for overseeing what we do with your information and for monitoring compliance with this policy and the Privacy Act.
If you have questions or concerns regarding our privacy policy or practices, you can contact CATSA’s Privacy Office by email at priv@catsa.gc.ca.
Policy Statement
The purpose of this privacy policy is to explain how personal information is collected, used or disclosed by CATSA, as well as outline CATSA’s commitment to protecting personal information with the utmost responsibility and care.
In the course of its daily activities, CATSA, a federal Crown corporation, may gather personal information from individuals in order to fulfil its mandate of aviation security.
CATSA is committed to protecting personal information in accordance with Canada’s Privacy Act, its regulations, and applicable Treasury Board of Canada Secretariat policies, directives and guidelines. This policy was developed according to these requirements and the privacy principles underlying Canadian and international privacy protection laws.
CATSA recognizes the importance of the protection of personal information as an essential element in maintaining public trust. CATSA achieves this through the implementation of this policy, through sound personal information handling and management practices, and the delegation of clear accountabilities in the administration of CATSA’s privacy program.
What CATSA doesn’t collect
CATSA does not collect personal information from passengers and non-passengers who walk though metal detectors or undergo a full body scanner.
Metal detectors are designed only to alert screening officers if non-permitted items are detected. Similarly, full body scanners only alert screening officers of areas of interest where objects may be revealed under clothing, but do not collect images containing identifiable personal information. These images are generic, immediately and permanently deleted, and cannot be used to identify individuals.
What personal information does CATSA collect and why?
CATSA may collect the following types of personal information from passengers and non-passengers in order to perform its mandate as Canada’s civil aviation security screening authority responsible for delivering screening services.
Detailed information on CATSA’s personal information holdings including legal authorities, purposes of collection, uses, who / what entities CATSA shares personal information with and for how long personal information is retained, is published in CATSA’s InfoSource.
Type of personal information |
Description |
Why it is collected |
|---|---|---|
| Boarding Pass Information | Passenger name, flight information and scan information such as time of scan, screening checkpoint location, etc. |
|
|
Closed-Circuit Television (CCTV) |
Video recordings of individuals captured in CATSA security screening checkpoints, and at our corporate offices |
• Aviation security incidents • Complaints and claims • Screening-related performance events
|
| X-ray images | X-ray images of items, including carry-on and checked baggage, belonging to passengers and non-passengers |
|
| Aviation Security Incident Information |
Passenger personal information, such as name, flight information, boarding pass information, incident details (e.g., x-ray images of baggage, CCTV footage, incident details). Non-passenger personal information including employer information. |
|
|
Claims, complaints and inquiries |
Name, contact information, complaint / claim, incident details. |
|
| Access to information / privacy requests | Requestor name and contact information |
|
| Visitor or contractor |
Name, associated organization, CATSA employee name responsible for visitor, purpose of visit, visitor pass number, dates and times of visits. |
|
| Job application information | Applications for employment at CATSA that could include: name, address, contact information, work history, reference information, etc. | To allow you to apply for jobs and to assess your suitability for a career at CATSA. Information may also be used for reporting and statistical purposes. |
Mandatory Privacy Policy Requirements
CATSA is a federal Crown corporation committed to protecting personal information in accordance with Canada’s Privacy Act.
CATSA recognizes and accepts its responsibility to protect the privacy of individuals who interact with CATSA and to safeguard their personal information with adherence to, and respect for the following privacy principles:
Collection
- CATSA does not collect more personal information than necessary to fulfil the purpose for which it is collected.
- Personal information is collected directly from individuals, or otherwise with the individual’s consent or as permitted by law.
Accuracy
- CATSA takes all reasonable steps to ensure that personal information used in a decision-making process is accurate, up-to-date, and complete as possible.
Use and Disclosure
- Personal information may only be used for identified purposes or consistent purposes as outlined in InfoSource.
- CATSA will only disclose personal information with the consent of the individual or as permitted by the Privacy Act or any other applicable law (e.g., disclosures to law enforcement agencies as per Section 8(2) of the Privacy Act).
Safeguarding Personal Information
- We treat your personal information strictly confidential and we have implemented appropriate physical, organizational and technical security measures designed to help protect your personal information against loss or theft, unauthorized access, disclosure, copying, use or modification.
- CATSA restricts access to personal information on a need-to-know basis and provides training to ensure safeguarding measures are followed.
Retention and Disposal of Personal Information
- CATSA retains personal information for only a period of time that is necessary, to meet legal, business and legislative requirements for CATSA, the Government of Canada, and Canadians, after such time, it is permanently destroyed in a secure manner.
- Standard retention periods for CATSA’s personal information holdings are as follows, unless information is related to an aviation security incident, subject to a legal action, audit, investigation, or an access to information and / or privacy request:
- CCTV images and video footage: 30 days
- Boarding pass information: 30 days
- Personal information related to aviation security incidents: 6 years after resolution
- X-ray images: images are overwritten, therefore retention periods vary depending on the volume of images processed at each particular checkpoint, (e.g., the busier the checkpoint, the faster the images are overwritten)
- Passenger complaints, claims or enquiries: 6 years after resolution
- Access to Information / Privacy Requests: 2 years
Individual Access
You may submit a privacy request to access personal information that CATSA collects and retains about you or to request a correction to your personal information. Click here to learn more about how to submit a privacy request.
Monitoring, Reporting and Reviews
CATSA conducts monitoring activities to ensure compliance with this policy.
CATSA fulfils annual reporting obligations. Annual Reports on the Administration of the Privacy Act can be found on the CATSA website, as well as the Government of Canada’s website.
Changes to the Privacy Policy
This Policy is reviewed regularly for effectiveness against legislative compliance.
Last updated on October 25, 2022.
Need More Information?
Questions about this policy or other CATSA privacy questions may be sent to priv@catsa.gc.ca.
If you are not satisfied that we have adequately respected your privacy, you may wish to contact the Office of the Privacy Commissioner at www.priv.gc.ca.
CATSA’s Website
CATSA is committed to respecting the personal privacy of individuals who visit our website. This section summarizes CATSA’s privacy policy and practices when individual’s visit our website.
- CATSA does not automatically gather any personal information from you, such as your name, phone number, e-mail or street address during your visit to its website. This information is only obtained if you supply it voluntarily by contacting us via e-mail and completing an on-line form.
- All personal information you do provide is protected under the Privacy Act. This means that, at the point of collection, you will be informed that your personal information is being collected, the purpose for which it is being collected and that you have a right of access to the information.
- CATSA employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. This software receives and records the Internet Protocol (IP) address of the computer that has contacted our website, the date and time of the visit and the pages visited. We make no attempt to link these addresses with the identity of individuals visiting our site unless an attempt to damage the site has been detected.
- Information on individual visitors (when supplied through an on-line form) is used by CATSA employees to respond to claims, complaints and inquiries. We only share the information you give us with other government departments if it relates to that department. We do not use the information to create individual profiles, nor do we disclose this information to anyone outside of the federal government unless permitted by law.
- CATSA uses Google Analytics, a Web analytics service provided by Google Inc. to help measure traffic patterns to, from, and within its public websites. This analytics measurement tool uses "session" and "persistent" cookies to collect standard Internet log information and to track visitor behaviour information anonymously. This information is collected under the authority of the Financial Administration Act, and in accordance with the Communications Policy of the Government of Canada. To protect the privacy of our website visitors, we require Google to subject Internet Protocol (IP) addresses to an anonymization process during the data collection stage. For additional information, refer to IP Anonymization in Google Analytics. Google receives non-personal visitor use information, which is generated by the cookies. We use this anonymous aggregate data and statistical information to evaluate visitors' use of the website. This information, which helps us make our website more useful to visitors, is only available to Web managers and designated staff who require this information to perform their duties. If you wish, you may opt out of being tracked by Google Analytics by disabling or refusing the cookies. Visiting our website with cookies disabled will have no significant impact on your browsing experience. You can set your browser to detect and reject cookies. Please consult your browser's Help Menu for instructions. As Google Inc. is an American company it is subject to the USA Patriot Act and it is possible that information collected via Google Analytics could be made available to law enforcement. For further information, consult Google Analytics and its privacy policy.