(a) In General.—The Secretary of Homeland Security shall establish a timely and fair process for individuals who believe they have been delayed or prohibited from boarding a commercial aircraft because they were wrongly identified as a threat under the regimes utilized by the Transportation Security Administration, United States Customs and Border Protection, or any other office or component of the Department of Homeland Security.

(b) Office of Appeals and Redress.—

(1) Establishment.—The Secretary shall establish in the Department an Office of Appeals and Redress to implement, coordinate, and execute the process established by the Secretary pursuant to subsection (a). The Office shall include representatives from the Transportation Security Administration, United States Customs and Border Protection, and such other offices and components of the Department as the Secretary determines appropriate.

(2) Records.—The process established by the Secretary pursuant to subsection (a) shall include the establishment of a method by which the Office, under the direction of the Secretary, will be able to maintain a record of air carrier passengers and other individuals who have been misidentified and have corrected erroneous information.

(3) Information.—To prevent repeated delays of a misidentified passenger or other individual, the Office shall—

(A) ensure that the records maintained under this subsection contain information determined by the Secretary to authenticate the identity of such a passenger or individual;

(B) furnish to the Transportation Security Administration, United States Customs and Border Protection, or any other appropriate office or component of the Department, upon request, such information as may be necessary to allow such office or component to assist air carriers in improving their administration of the advanced passenger prescreening system and reduce the number of false positives; and

(C) require air carriers and foreign air carriers take action to identify passengers determined, under the process established under subsection (a), to have been wrongly identified.

(4) Handling of personally identifiable information.—The Secretary, in conjunction with the Chief Privacy Officer of the Department shall—

(A) require that Federal employees of the Department handling personally identifiable information of passengers (in this paragraph referred to as "PII") complete mandatory privacy and security training prior to being authorized to handle PII;

(B) ensure that the records maintained under this subsection are secured by encryption, one-way hashing, other data anonymization techniques, or such other equivalent security technical protections as the Secretary determines necessary;

(C) limit the information collected from misidentified passengers or other individuals to the minimum amount necessary to resolve a redress request;

(D) require that the data generated under this subsection shall be shared or transferred via a secure data network, that has been audited to ensure that the anti-hacking and other security related software functions properly and is updated as necessary;

(E) ensure that any employee of the Department receiving the data contained within the records handles the information in accordance with the section 552a of title 5, United States Code, and the Federal Information Security Management Act of 2002 (Public Law 107–296);

(F) only retain the data for as long as needed to assist the individual traveler in the redress process; and

(G) conduct and publish a privacy impact assessment of the process described within this subsection and transmit the assessment to the Committee on Homeland Security of the House of Representatives, the Committee on Commerce, Science, and Transportation of the Senate, and Committee on Homeland Security and Governmental Affairs of the Senate.

(5) Initiation of redress process at airports.—The Office shall establish at each airport at which the Department has a significant presence a process to provide information to air carrier passengers to begin the redress process established pursuant to subsection (a).