Privacy Statement for LAANC/B4UFLY and USS Providers Collection of Information
This Unmanned Aircraft System (UAS) Service Supplier (USS) is authorized to collect the information described in this statement on behalf of the FAA. The following statement provides additional information regarding USS collection of information, including Personal Identifying Information (PII), on behalf of the FAA from individuals who are requesting authorizations in accordance with Public Law 112-95, § 333 and its implementing regulations at 14 CFR Part 107 and under 49 U.S.C. § 44809(a). Information provided to this USS that is not listed herein is collected on behalf of the USS, and not on behalf of the FAA, and will not be provided to the FAA.
Collection of Your Personal Information
This USS collects the following personally identifiable information on behalf of the FAA for individuals requesting an authorization under in Public Law 112-95, § 333 and its implementing regulation at 14 CFR Part 107 and under 49 U.S.C. § 44809(a): Name of operator (first and last), contact phone number during flight, and UAS registration number. Additionally, this USS collects the following non-PII information on behalf of the FAA regarding authorizations: start date and time; duration of flight; maximum altitude; geometry (center point with radius or one GeoJSON polygon); applicable UAS Facility Maps (UASFM) grid object IDs; Applicable UASFM grid object effective dates; Airspace class(es); and submission reference code. Individuals using the B4UFLY mobile application offered by approved USSs can voluntarily provide the following PII when the user reaches out to the FAA’s UAS Support Center for operational questions or the USS with technical questions about the application; email address. The following non-PII information is collected by USSs through the B4UFLY mobile app; geolocation.
Once collected by the USS, this information is provided to the FAA. This information is collected under the authority of the FAA Modernization and Reform Act of 2012, Pub. L. 112-95 §§ 333; 49 U.S.C. §§ 106(f), 106(g), 40101, 40103, 40106, 40113, 44701, 44721, 44809(a), and 46308.
In addition, the USS may collect information that is not required by the FAA, and is not transmitted to the FAA. Any information collected by the USS that is not listed above as required by the FAA is not being collected on behalf of the FAA. Once collected, this information is not provided to the FAA. It is used, maintained, and protected in accordance with the USS's privacy policy.
Use of Your Personal Information
The information required by the FAA to receive an authorization for entry into controlled airspace is mandatory, pursuant to in Public Law 112-95, § 333 and its implementing regulation 14 CFR § 107.41 and 49 U.S.C. § 44809(a). Information that is collected by the USS on behalf of FAA is collected for and used for the following purposes:
• Contact information is provided to the FAA associated with authorizations so that the FAA can provide information about potentially unsafe conditions to UAS owners and operators and to educate them regarding possibly risks that may be relevant to their operation.
• The FAA will also use this system to support FAA safety programs and agency management, including safety studies and assessments.
• Lastly, the FAA will use this system to ensure safety of the National Airspace System (NAS).
For authorizations under in Public Law 112-95, § 333 and its implementing regulation at 14 CFR Part 107 and 49 U.S.C. § 44809(a), incomplete submission of information through the USS (and ultimately to FAA through LAANC) will result in a delay in receiving an authorization or denial of the requested authorization.
Submission of additional information to the USS that is not required by the FAA is not required by law, and if provided, will not be submitted to the FAA. Refer to the USS for the basis for requiring the submission of any other information for their use of non-FAA related services.
Small UAS operators who wish to seek an authorization to enter into controlled airspace can also request such authorizations through the FAADroneZone.
The information that is transmitted to the FAA becomes part of the FAA Privacy Act system of records, DOT/FAA-854, Small Unmanned Aircraft Systems (sUAS) Waivers and Authorizations, as published in the Federal Register at 88 FR 59566, also available at https://www.govinfo.gov/content/pkg/FR-2023-08-29/pdf/2023-18289.pdf (PDF). These records and information in these records may be disclosed in accordance with the routine uses that appear in DOT/FAA 854, which include the following:
- To the public, waiver and airspace authorization applications and decisions, including any history of previous, pending, existing, or denied requests for waivers and authorizations applicable to the small UAS at issue for purposes of the waiver, and special provisions applicable to the small UAS operation that is the subject of the request. Email addresses and telephone numbers will not be disclosed pursuant to this Routine Use. Airspace authorizations the FAA issues pursuant to 14 CFR 107.41 also will not be disclosed pursuant to this Routine Use, except to the extent that an airspace authorization is listed or summarized in the terms of a waiver.
- To law enforcement, when necessary and relevant to a FAA enforcement activity.
- Disclose information to the National Transportation Safety Board (NTSB) in connection with its investigation responsibilities.
- The Department has also published general routine uses applicable to DOT Privacy Act systems of records. The majority of these routine uses were incorporated into SORN 854, which is published in the Federal Register at 88 FR 59566, August 29, 2023 (available at https://www.govinfo.gov/content/pkg/FR-2023-08-29/pdf/2023-18289.pdf (PDF))
Security of Your Personal Information
Properly securing the information the FAA receive from the USS in connection to Part 107 and § 44809(a) Authorizations is a primary commitment. To help the FAA do this, the FAA takes the following steps, once data is submitted to it, to: (a) employ internal access controls to ensure the only people who see your information are those with a need to do so to perform their official duties; (b) train relevant personnel on our privacy and security measures to know requirements for compliance; (c) secure the areas where we hold hard copies of information we collect online; (d) perform regular backups of the information we collect online to insure against loss; (e) use technical controls to secure the information we collect online, including but not limited to Secure Socket Layer (SSL), encryption, firewalls, and password protections; (f) periodically test our security procedures to ensure personnel and technical compliance; (g) employ external access safeguards to identify and prevent unauthorized attempts of outsiders to hack into, or cause harm to, the information in our systems. Tampering with FAA's website is against the law. Depending on the offense, it is punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act. The USS has entered into an agreement with the FAA to take identical steps to protect your information while your data is in its possession. Note that this applies only to information that is described in this notice. Additional information that is collected by the USS provider but not required by or transmitted to the FAA and LAANC will be secured under policies of the USS.
Changes to this Statement
The FAA will occasionally update this Statement of Privacy to reflect FAA and customer feedback, or if there are changes in the information collected or the manner in which the information is used or maintained. The FAA encourages you to review periodically this statement to be informed of how the FAA is protecting your information.