Browse Definitions:

passenger name record (PNR)

Contributor(s): Ivy Wigmore

A passenger name record (PNR) is a collection of data pertaining to an individual traveler or a group of individuals travelling together. Airlines use PNRs for security, management of customer data and customer valuation for situations such as overbooked flights. 

PNR data is maintained in one of several centralized databases for sharing among airlines and other organizations such as hotels, travel agencies, cruise lines, tour operators, car rental companies and railroads. PNR data may also be shared with government agencies. Within the United States, the Department of Homeland Security (DHS) retains PNR data.

Each time a traveller books an itinerary, a PNR is created in the carrier's computer reservation system (CRS). The data included in a PNR varies from one airline to another but common fields include whole or partial itineraries, passport details, credit card numbers, email addresses, IP addresses and telephone numbers. Other data elements in a PNR include the name and age of the person booking, ticket price, whether the seat was discounted or booked with points, if the traveller typically books late, the traveller's booking history with the airline and whether the traveller paid an extra fee to reserve a seat. 

PNRs also include references to other PNRs; for example, if someone who travels with a group has previously travelled alone and with other groups, all those PNRs can be linked. That makes it possible to access and coordinate customer-related data from all previous bookings.

According to air travel expert William McGee, PNR data allows airlines to make a quick decision on which travellers to bump, based on algorithms that calculate their potential value to the corporation's revenue. Formerly the editor for Consumer Reports airline-specific content, McGee is also the author of a 2012 book exposing common but not widely-known industry practices, Attention all Passengers.

The content and use of passenger name records came to public notice recently as a result of media response -- social media in particular -- to incidents in which passengers were widely perceived to be mistreated by airlines. In April 2017, for example, United Airlines ordered several seated passengers to deplane to accommodate airline employees. One of the passengers was forcibly removed from the aircraft when he refused to leave. In the struggle with guards, the man's nose was bloodied. Several other passengers recorded the incident on their mobile phones and the video went viral across Facebook, Twitter, Reddit and news sites.

The incident occurred on a Sunday and the video was posted on Monday. By Tuesday morning, United stock had dropped by $1.4 billion dollars.

This was last updated in April 2017

Continue Reading About passenger name record (PNR)

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Have you ever been bumped? How did the airline handle the situation?


File Extensions and File Formats


  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...


  • federated identity management (FIM)

    Federated identity management (FIM) is an arrangement that can be made among multiple enterprises to let subscribers use the same...

  • cross-site scripting (XSS)

    Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, ...

  • firewall

    In computing, a firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or...



  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...


  • all-flash array (AFA)

    An all-flash array (AFA), also known as a solid-state storage disk system, is an external storage array that uses only flash ...

  • volume manager

    A volume manager is software within an operating system (OS) that controls capacity allocation for storage arrays.

  • external storage device

    An external storage device, also referred to as auxiliary storage and secondary storage, is a device that contains all the ...


  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.