If it involved classified data as opposed to public data, there would not be a foreign, uncleared person in the loop. That would mean an organizational structure with only cleared US citizens in operations like security and plant protection.
A general security alert in any company would of course go to everyone, cleared or not, and you'll find that in any company.
The original concern was one of classified or privileged data being given to foreigners inappropriately, and that "firewall" stuff goes on all the time.
In a US airport today, the tower handles classified data relating to national security, and they don't need to share it with the guy who runs the shoe shine or the girl at the pretzel kiosk, or the general manager of the airport if he is not cleared or eligible.