Passenger name record

In the airline and travel industries, a passenger name record (PNR) is a record in the database of a computer reservation system (CRS) that consists of the personal information for a passenger and also contains the itinerary for the passenger, or a group of passengers travelling together. The concept of a PNR was first introduced by airlines that needed to exchange reservation information in case passengers required flights of multiple airlines to reach their destination (“interlining”). For this purpose, IATA and ATA defined standards for interline messaging of PNR and other data through the "ATA/IATA Reservations Interline Message Procedures - Passenger" (AIRIMP). There is no general industry standard for the layout and content of a PNR. In practice, each CRS or hosting system has its own proprietary standards, although common industry needs, including the need to map PNR data easily to AIRIMP messages, has resulted in many general similarities in data content and format between all of the major systems.

When a passenger books an itinerary, the travel agent or travel website user will create a PNR in the CRS, which may be an airline's database or typically one of the global distribution systems (GDSs), such as Amadeus, Sabre, or Travelport (Apollo, Galileo, and Worldspan). If a booking is made directly with of the airline's CRS, the PNR is called the Master PNR for the passenger and the associated itinerary. The PNR is identified in the CRS by a record locator. If portions of the travel itinerary are not to be provided by the holder of the Master PNR, then copies of the PNR information are sent to the CRSs of the airlines that will be providing transportation. These CRSs will open copies of the Master PNR in their own database to manage the portion of the itinerary for which they are responsible. Many airlines have their CRS hosted by one of the GDSs, which allows sharing of the PNR. The record locators of the copied PNRs are communicated back to the CRS that holds the Master PNR, so all records remain tied together. This enables exchanging updates of the PNR when the status of the trip changes in any of the CRSs.

Although PNRs were originally introduced for air travel airlines systems, they can also be used for bookings of hotels, car rental, airport transfers, and train trips. PNRs are now routinely shared with government agencies, such as customs and security or law enforcement agencies.

Parts

From a technical point, there are five parts of a PNR required before the booking can be completed.[1] They are:

Other information, such as a timestamp and the agency's pseudo-city code, will go into the booking automatically. All entered information will be retained in the "history" of the booking.

Once the booking has been completed to this level, the CRS will issue a unique all alpha or alpha-numeric record locator, which will remain the same regardless of any further changes made (except if a multi-person PNR is split). Each airline will create their own booking record with a unique record locator, which, depending on service level agreement between the CRS and the airline(s) involved, will be transmitted to the CRS and stored in the booking. If an airline uses the same CRS as the travel agency, the record locator will be the same for both.

A considerable amount of other information is often desired by both the airlines and the travel agent to ensure efficient travel, including:

In more recent times, many governments now require the airline to provide further information included to assist investigators tracing criminals or terrorists. These include:

The components of a PNR are identified internally in a CRS by a one character code. This code is often used when creating a PNR via direct entry into a terminal window (as opposed to using a graphical interface). The following codes are standard across all CRSs based on the original PARS system:

Storage

The majority of airlines and travel agencies choose to host their PNR databases with a computer reservations system (CRS) or global distribution system (GDS) company such as Sabre, Galileo, Worldspan and Amadeus.[3]

Privacy concerns

Some privacy organizations are concerned at the amount of personal data that a PNR might contain. While the minimum data for completing a booking is quite small, a PNR will typically contain much more information of a sensitive nature. This will include the passenger’s full name, date of birth, home and work address, telephone number, e-mail address, credit card details, IP address if booked online, as well as the names and personal information of emergency contacts.

Designed to “facilitate easy global sharing of PNR data,” the CRS-GDS companies “function both as data warehouses and data aggregators, and have a relationship to travel data analogous to that of credit bureaus to financial data.”.[4] A canceled or completed trip does not erase the record since “copies of the PNRs are ‘purged’ from live to archival storage systems, and can be retained indefinitely by CRSs, airlines, and travel agencies.”[5] Further, CRS-GDS companies maintain web sites that allow almost unrestricted access to PNR data – often, the information is accessible by just the reservation number printed on the ticket.

Additionally, “[t]hrough billing, meeting, and discount eligibility codes, PNRs contain detailed information on patterns of association between travelers. PNRs can contain religious meal preferences and special service requests that describe details of physical and medical conditions (e.g., “Uses wheelchair, can control bowels and bladder”) – categories of information that have special protected status in the European Union and some other countries as “sensitive” personal data.”[6] [7] Despite the sensitive character of the information they contain, PNRs are generally not recognized as deserving the same privacy protection afforded to medical and financial records. Instead, they are treated as a form of commercial transaction data.[6]

European Union

After years of debate, the European Parliament approved on 14 April 2016 the PNR directive.[8][9] This directive 2016/681 will oblige airlines to collect their passengers' data and hand them over to the EU member states.

The Belgian Chamber of Representatives approved on 22 December 2016 a draft law to transpose the European directive in a Belgian legislative framework.[10] This law goes further and aims the recording of train passengers' data as well.

International PNR sharing agreements

European Union to United States

United States–European Union Agreement on Passenger Name Records.

European Union to Australia

On January 16, 2004, the Article 29 Working Party released their Opinion 1/2004 (WP85) on the level of PNR protection ensured in Australia for the transmission of Passenger Name Record data from airlines.

Customs applies a general policy of non retention for these data. For those 0.05% to 0.1% of passengers who are referred to Customs for further evaluation, the airline PNR data are temporarily retained, but not stored, pending resolution of the border evaluation. After resolution, their PNR data are erased from the PC of the Customs PAU officer concerned and are not entered into Australian databases.

In 2010 the European Commission's Directorate-General for Justice, Freedom and Security was split in two. The resulting bodies were the Directorate-General for Justice (European Commission) and the Directorate-General for Home Affairs (European Commission).

On the 4th of May 2011, Stefano Manservisi, Director-General at the Directorate-General for Home Affairs (European Commission) wrote to the European Data Protection Supervisor (EDPS) with regards to a PNR sharing agreement with Australia,[11] a close ally of the US and signatory to the UKUSA Agreement on signals intelligence.

The EDPS responded on the 5th of May in Letter 0420 D845:

I am writing to you in reply to your letter of 4 May concerning the two draft Proposals for Council Decisions on (i) the conclusion and (ii) the signature of the Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service.
We understand that the consultation of the EDPS takes place in the context of a fast track procedure. However, we regret that the time available for us to analyse the Proposal is reduced to a single day. Such a deadline precludes the EDPS from being able to exercise its competences in an appropriate way, even in the context of a file which we have been closely following since 2007.

European Union to Canada

The Article 29 Working Party document Opinion 1/2005 on the level of protection ensured in Canada for the transmission of Passenger Name Record and Advance Passenger Information from airlines (WP 103), 19 January 2005, offers information on the nature of agreements with Canada.

See also

References

  1. "Guidelines on Passenger Name Record (PNR) Data" (PDF). IATA. Retrieved 12 June 2017.
  2. "EU: European Commission to propose EU PNR travel surveillance system". Retrieved 14 December 2012.
  3. Strauss, Michael (2010): Value Creation in Travel Distribution, http://www.amazon.com/dp/0557612462
  4. Electronic Privacy Information Center, Privacy & Human Rights – An International Survey of Privacy Laws and Developments 2004, 81.
  5. Privacy & Human Rights, 81.
  6. 1 2 Privacy & Human Rights, 80.
  7. “What’s in A Passenger Name Record (PNR)?,” https://www.pnrstatusbuzz.in/index.php
  8. Texts adopted, European Parliament
  9. EU Passenger Name Record (PNR) directive: an overview, European Parliament
  10. Wetsontwerp betreffende de verwerking van passagiersgegevens, Chamber of Representatives
  11. "Letter 0420 D845". European Data Protection Supervisor. 2011-05-05. Retrieved 19 September 2012.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.