"No Privacy Act violation by TSA employees occurred in
connection with this incident. There is no evidence that any data
were provided directly to TSA or its parent agency at the time,
DOT. On the contrary, the evidence demonstrates that passenger data
were transferred directly by jetBlue’s contractor, Acxiom, to
Torch Concepts. As a result, the Privacy Act of 1974, which
regulates the Federal Government’s collection and maintenance
of personally identifiable data on citizens and legal permanent
residents, does not appear to have been violated by TSA actions.
Because TSA did not receive passenger data, no new system of
records under the Privacy Act was established within TSA, nor was
any individual’s personal data used or disclosed by TSA, its
employees or contractors,