Cathay Pacific is collecting images of passengers on aircraft

Cathay Pacific’s new privacy policy is brutally honest or very creepy. Or perhaps it is both as Cathay becomes the latest airline to straddle personalisation and privacy while complying with growing regulatory oversight. British Airways in July received a GBP 183 million fine for a data breach last year.

The Hong Kong carrier’s new policy says Cathay will “collect and process” personal information from passengers including images from onboard aircraft, use of the in-flight entertainment system, hobbies, and activity at airports. There is no explicit timeframe for retaining this data, with Cathay saying it keeps information “for as long as is necessary.”

In response to questions about the policy, Cathay told forbes.com that it needed two weeks to provide more details.

The policy appears to be in response to an order from Hong Kong’s privacy commissioner for Cathay to implement a data retention policy. That was one of eight actions in a June enforcement notice served on Cathay, which is the middle of a three-year restructuring, in response to a data breach affecting 9.4 million Cathay customers. Cathay wrote in an e-mail to passengers the policy is “part of our ongoing commitment to transparency.”

Much of the policy details information Cathay would be expected to retain or which passengers opt to have the airline save, such as by creating a profile that includes passport details and meal preference or a frequent flyer account that records travel history.