What data protection measures does TSA have in place to protect PII?

TSA will collect the passenger’s photo, along with certain biographic information from the passenger’s identity document, which will be converted into a format that de-identifies the individual. TSA will store this data on a removable TSA-owned encrypted hard drive attached to the CAT-C. S&T will delete the data no later than 180 days following receipt. Additional information regarding data protection procedures for the test is available in TSA’s Privacy Impact Assessment.