WASHINGTON (Reuters) - Some government employees helped convince JetBlue Airways to secretly transfer personal data on about 1.5 million passengers to an anti-terrorism screening program but their agency did not violate the Privacy Act, a Homeland Security internal audit showed on Friday.

Nuala O'Connor Kelly, chief privacy officer for the Department of Homeland Security, issued a report that found the Transportation Security Administration did not violate the 1974 Privacy Act.

But for the first time, the department admitted that some TSA employees were involved in the transfer of data to a Defense Department contractor.

Lawmakers, privacy advocates and civil rights groups had criticized the government for the secret program, sparking the privacy investigation and internal audits at the Pentagon.

O'Connor Kelly said one to six mid-level TSA employees were involved in persuading JetBlue to provide archived passenger data to the Pentagon for a program aimed at flagging potential terrorists arriving by air near military bases.

"This request by TSA to JetBlue to retrieve personal records from its database and to share such data with DOD (Department of Defense) was significant, particularly as no airline had otherwise previously agreed to share data directly with DOD," O'Connor Kelly wrote in the report.

She told reporters the TSA employees involved failed to identify the privacy impact on the airline passengers whose information was being shared with the Defense Department.

She said the employees had abused their authority to encourage the data sharing.

Lawmakers said the report showed the need for department-wide training on the Privacy Act.

"I am very troubled TSA requested, in writing, that JetBlue turn over passenger information to a defense contractor without appropriate regard for individual privacy and in defiance of the spirit of the 1974 Privacy Act," said Sen. Joseph Lieberman, the senior Democrat on the Senate Government Affairs Committee.

"We need to be assured that TSA, in handling airline passenger information, will be forthright and scrupulous about protecting passenger privacy. I support the recommendation for department-wide privacy policy training."

Some groups of passengers have filed lawsuits against JetBlue for secretly providing the data.

The low-cost airline has apologized for sharing 5 million pieces of information including the names, addresses and phone numbers of about 1.5 million people. The data were used in a project run by Torch Concepts, a Pentagon contractor that specializes in pattern-recognition and data-mining technology that can be used to identify potential terrorist threats.

In addition to using the data for the Pentagon's program, the company turned the information into a presentation on airline risk that included the social security number of one customer. JetBlue, which has admitted to violating its own privacy policy, said Torch used the data in the presentation without the airline's knowledge.

O'Connor Kelly said the TSA employees involved will have to take Privacy Act training. She also referred the case to the department's inspector general to determine whether the employees may have exceeded the "normal scope of TSA" operation to determine whether any action will be taken against them.