Building on Europe’s GDPR, the California Consumer Privacy Act goes into effect January 1, and OhDoctor wonders whether the requirement for companies to share the data they collect on consumers with consumers will require American Airlines to share the Helix score (or ‘eagle rating) assigned to a passenger?
With California’s Consumer Privacy Law going into effect soon, will AA be compelled to release Helix scores on request? The law specifically mandates that “(a) A consumer shall have the right to request that a business that collects personal information about the consumer disclose to the consumer the categories of personal information it has collected about that consumer.” Wouldn’t Helix information fall under this umbrella?
Here’s how American Airlines scores its customers. American Airlines has a system called Helix that it uses to tell employees when to go ‘above and beyond’ for a customer. It’s used by reservations, agents at the airport, customer relations, baggage services and others as a way to know when it’s ok to spend more on a customer.
The goal of the system is to accommodate high value customers who are at risk of defecting to a competitor. Helix will display an Eagle ranking from 1-5 for each customer. This ranking is updated each day and depends on a combination of revenue and how badly you’ve been treated by the airline. You’re only going to get special treatment if your ranking is 3 or higher.
American won’t tell you your Eagle rating. Will the California Consumer Privacy Act make them at least for California residents? No, it will not because the rating is not personal information gathered about a customer, but rather the airline’s own proprietary algorithm based on the data they’ve collected. Your name, address, and date of birth may be ‘yours’ under the Act, but what American thinks about you is not.
The takeaway here is that personal information isn’t valuable, it’s the predictive models brands build that’s what’s valuable, and those aren’t covered by disclosure rules and you receive nothing when that data is hacked.