§ 191.5 - Records and information protected by others.  

(a) Each airport operator, air carrier, indirect air carrier, foreign air carrier, and person receiving information under § 191.3(d) of this part; and each individual employed by, contracted to, or acting for an airport operator, air carrier, indirect air carrier, or foreign air carrier; and each person receiving information under § 191.3(d) of this part, shall restrict disclosure of and access to sensitive security information described in § 191.7 (a) through (g), (j), (k), and as applicable (l), to persons with a need-to-know, and shall refer requests by other persons for such information to the Administrator.

(b) A person has a need-to-know sensitive security information when the information is necessary to carry out FAA-approved or directed aviation security duties; when the information is necessary to supervise or otherwise manage the individuals carrying out such duties; to advise the airport operator, air carrier, indirect air carrier, or foreign air carrier regarding the specific requirements of any FAA security related requirements; or to represent the airport operator, air carrier, indirect air carrier, foreign air carrier, or person receiving information under § 191.3(d) of this part, in connection with any judicial or administrative proceeding regarding those requirements. For some specific information the Administrator may make a finding that only specific persons, or classes of persons, have a need-to-know.

(c) When sensitive security information is released to unauthorized persons, any air carrier, airport operator, indirect air carrier, foreign air carrier, or individual with knowledge of the release shall inform the Administrator.

(d) Violation of this section is grounds for a civil penalty and other enforcement or corrective action by the FAA.