Purpose
Reduce privacy and cyber risk in charter brokerage operations.
Scope
- • All processing of personal and passenger data.
Core requirements
- Publish a privacy notice.
- Apply reasonable technical and organisational safeguards.
- Have a documented incident response process.
Recommended evidence
- Privacy notice.
- Access control policy.
- Incident register.
Examples of acceptable practice
- Role-based access, encryption in transit and at rest.
Examples of problematic practice
- Sharing passenger manifests with unrelated third parties.
Jurisdiction notes
- GDPR, UK GDPR, CCPA and similar regimes may apply.
Change history
| Version | Date | Note |
|---|---|---|
| 1.0 | 2025-01-01 | Initial public draft. |
This standard is educational and does not constitute legal advice. Members must comply with applicable law and regulation in every jurisdiction in which they operate.
Feedback
Standards evolve through public consultation. Share comments, dissenting views or proposed revisions.
Contribute to this standard →