mailing list archives
Clear Privacy Update
From: David Farber <dave () farber net>
Date: Thu, 7 Aug 2008 09:43:42 -0700
From: Paul Robichaux [PaulR () 3sharp com]
Sent: Thursday, August 07, 2008 12:37 PM
To: David Farber
Subject: FW: Clear Privacy Update
For IP if you wish-- Clear's response to their breach.
------ Forwarded Message
From: "Steven Brill, Clear CEO" <clearsupport () flyclear com>
Reply-To: "clearsupport () flyclear com" <clearsupport () flyclear com>
Date: Thu, 7 Aug 2008 09:30:07 -0700
Subject: Clear Privacy Update
About your clear account
We take the protection of your privacy extremely seriously at Clear.
That's why we announced on Tuesday that a laptop from our office at the San
Francisco Airport containing a small part of some applicants'
pre-enrollment information (but not Social Security numbers or credit card
information) recently went missing. None of your information was in any way
implicated. However, we were prepared to send those applicants and members
who were affected the appropriate notice on Tuesday detailing that
situation. Before we could send out that notice, the laptop was recovered.
And, we have determined from a preliminary investigation that no one logged
into the computer from the time it went missing in the office until the
time it was found. Therefore, no unauthorized person has obtained any
personal information. Again, none of your personal information was on the
computer in any form, but we nonetheless wanted to give you details of the
incident that could have affected others applying for Clear memberships
because the incident involves Clear's privacy and security practices and
policies. We are sorry that this theft of a computer containing a limited
amount of applicant information occurred, and we apologize for the concern
that the publicity surrounding our public announcement might have caused.
But in an abundance of caution, both we and the Transportation Security
Administration treated this unaccounted-for laptop as a serious potential
breach. We have learned from this incident, and we have suspended
enrollment processes temporarily until all pre-enrollment information is
encrypted for further protection. The personal information on the enrollment
system was protected by two separate passwords, but Clear is in the
process of completing a software fix - and other security enhancements - to
encrypt the data, which is what we should have done all along, just the way
we encrypt all of the other data submitted by applicants. Clear now expects
that the fix will be in place within days. Meantime, all airport Clear
states that we will notify you of any compromise of your personal
information regardless of whether any state statute requires it. This letter
is a good example of our policy: no law requires that we notify you of this
incident because our investigation of the recovered laptop revealed no
breach and because in any event none of your own information was affected.
But we think it's good practice to err on the side of good communication
with all Clear members, especially when, in this case, we did make a
mistake by not making sure that limited portion of information was
encrypted. Please call us toll-free with any questions at (866) 848-2415.
Again, we apologize for the confusion. Sincerely,
P.S. A reminder: One of Clears unique privacy features is that all members
and applicants are given an identity theft protection warranty which
provides that, in the unlikely event you become a victim of identity theft
as a result of any unauthorized dissemination of your private information
by - or theft from - Clear or its subcontractors, we will reimburse you for
any otherwise unreimbursable monetary costs directly resulting from the
identity theft. In addition, Clear will, at its own expense, offer you
assistance in restoring the integrity of your financial or other accounts.
So had there been any actual compromise of your personal information, you
would have been additionally protected.
------ End of Forwarded Message
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
- Clear Privacy Update David Farber (Aug 07)