Air New Zealand is changing its systems after email addresses used on Fuji Xerox machines in Koru lounges were inadvertently stored - and visible to anyone who looked.
The photocopiers are offered for Koru lounge customers to use, and they can send scanned documents to an email address.
The addresses are stored in an address book by default for later convenience - a feature which can be turned off, but had not been.
A TVNZ staff member noticed the privacy issue at Dunedin Airport's Koru lounge on October 18, when they were able to view numerous email addresses used by previous customers.
The staff member emailed Air New Zealand the same day, alerting them to the issue, but had not received a response more than two weeks later.
A spokesperson today told 1 NEWS "we take privacy very seriously and build data security into all of our systems that collect, process or store our customers’ personal information."
"Members of the public are voluntarily entering their information into the photocopier/scanner which is a public resource situated in a public place and Air New Zealand does not use any information customers enter into the copier."
Air New Zealand confirmed it has spoken with Fuji Xerox and has "confirmed it is possible to remove visibility of email addresses", and said it is working on doing so.
A spokesperson for the Privacy Commission said the disclosure of email addresses is at the "low end of the range" in terms of sensitive information, "but some people may expect a high degree of privacy around the fact they are a Koru lounge user.
"The email address may in itself not reveal much, but the metadata around it could allow more inferences to be made to a person browsing the list – such as when the person might have been at that location and on what day," the spokesperson said.
"It is positive that Air New Zealand has addressed the issue in order to better protect the privacy of the travelers."