The United States has classified some types of data as sensitive security information (SSI) since 1974. This began upon the passage of the Air Transportation Security Act that was passed to guard certain air-travel information like trade secrets and passenger identity as well as infrastructure and scheduling information that could compromise security. A year after 11 September 2001, a new Homeland Security Agency (HSA) took over the Department of Transportation’s (DOT) also new Transportation Security Administration (TSA) that was just tasked with overseeing the protection of SSI, expanding its definition and scope vastly. As always, this stamped information must contain a statement about the specific people who are allowed to view it, and even those individuals must have a “need to know.”
Federal regulations spell out specifically how sensitive security information is handled — from files, photos and videos stored in a cabinet to others stored on computers. This includes not just how SSI must be stamped, stored and guarded, but also how and to whom it can be disclosed. According to a logistics report from the Federal Aviation Administration, SSI must be marked as such in a bold, 16-point font size or larger, preferably in a no-nonsense style like Times New Roman.
The scope of material that is considered sensitive is vast. According to a Government Accountability Office report to Congress in 2005, sensitive security information related to air, rail, harbor and other types of mass transit are grouped into three basic categories. Of the 16 definitions of SSI, 11 types of data require a special committee’s determination of SSI. Four categorical types of data are always SSI, and one requires a written SSI determination from appropriate personnel.
Though many citizens understand the need for tightened security, others also lament the added lack of oversight on the public’s time and dime. The Coalition of Journalists for Open Government calls sensitive security information too wide-reaching in an online statement. Agencies like the TSA, HSA, DOT and even the Coast Guard are able to deem any files it desires sensitive to security and, thus, exempt from federal public records laws.
The regulations defining how sensitive security information is handled demands that any personnel who creates SSI, even contracted workers, immediately stamp it as such, safeguarding it in a locked container or password-protected computer when not in view. If another worker comes into possession of SSI that is not marked, it should be done so immediately. Also, the previous employee should be informed of his or her mistake.