Is Confidential Business Information Safe At 30,000 Feet?

It will soon be easier to conduct business on airline flights, and a lot riskier from a privacy perspective.  The New York Times ran a story the other day – “Some Airlines to Offer In-Flight Internet Service” – describing Jet Blue’s plans to begin offering free in-flight e-mail and instant messaging service.  Several other airlines also have announced plans to offer Internet service on their planes.  While the convenience may be welcome news to busy executives who criss-cross the country on non-stop business trips, employers should be concerned about the security of private workplace communications and confidential business information in the cramped confines of an airline cabin.  

Consider the number and proximity of work-related travelers —especially in business class.  Now imagine linking the traveler’s laptop or Blackberry to seat-back entertainment systems (Virgin America has plans to implement a system that allows passengers to send messages during a flight).  And now envision your company’s strategic business plan, or non-public profit figures, on display, like an in-flight movie.  Add to this the passenger’s oblivion to his surroundings and the scrutiny of other bored and seemingly harmless passengers.  Without determined efforts, inadvertent in-flight disclosure of confidential business information could become as commonplace as data breaches caused by stolen laptops.

Internet and email communications are not the only high altitude privacy hazards.  A colleague of mine recalls sitting on the tarmac during a flight delay and listening as a nearby passenger discussed very sensitive business information over a cell phone.  Although the passenger did not identify his high-profile company by name, the content of the call made the identity easy to guess.  This passenger might as well have been broadcasting his company’s non-public, business tactics over the airplane’s intercom. At the end of the flight, my colleague turned to the blabbermouth and said, “If I were your boss, I’d fire you, and if I were a shareholder in your company, I’d sell your stock.”

Before business executives start using on-board Internet access to conduct business, employers should examine the risks that this latest wave of technological conveniences creates.  Bear in mind that the risks will include not just the possible inadvertent disclosure of confidential business information but also, for example, the possible continued storage of that information on the airline’s e-mail servers and the possible increased risk of interception during transmission.  Once the service and the attendant risks are better understood, employers can modify existing electronic resources policies, or prepare new policies, to address the most recent risk to privacy in the wired business world.

Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.