Included in the data Cathay Pacific collects on its passengers is the “use of our inflight entertainment system and inflight connectivity and your images captured via CCTV in our airport lounges and aircraft”.
It confirmed that this information would be stored for “as long as is necessary”, and its security cannot be fully guaranteed.
“However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal data in accordance with the requirements of data protection legislation.”
“Your personal data may be transferred outside the country in which you are located, including to countries with a lower level of data protection than in the country in which you are located.”
“We may disclose your personal data to third parties so they can provide marketing services or conduct marketing or social interaction activities on our behalf such as campaigns, contests, sweepstakes, market research, customer survey and data analytics,” it said.
A Cathay Pacific spokesperson denied that there are any recording devices inside the inflight entertainment devices, and that the camera on the aircraft refers to one camera positioned near the cockpit door for “security purposes”.
“We will retain the personal data as long as is necessary to fulfill business needs,” the spokesperson said. “The information that is no longer needed is either irreversibly anonymised or securely destroyed.
“In line with standard practice and to protect our customers and frontline staff, there are CCTV cameras installed in our airport lounges and onboard aircraft for security purposes. All images are handled sensitively with strict access controls. There are no CCTV cameras installed in the lavatories.
“Our inflight entertainment systems do not have any cameras, microphones or sensors to monitor passengers, nor have they in the past.”
Cathay Pacific has a checkered history with personal data after a massive data breach involving 9.4 million passengers was revealed last year.
The airline confirmed that the personal data of more than 9 million passengers, including their names, nationalities, phone numbers, addresses and passport numbers were exposed as part of the breach.
The airline first identified suspicious activity in its network in March last year and confirmed “unauthorised access to certain personal data” in early May, but did not inform the impacted passengers until October, six months after it was detected.
Cathay Pacific said it took “immediate action to contain the event”, that there was no evidence the personal data was misused and there was no impact on flight safety.