Data privacy and information security: What travel buyers need to know
The security of data and information security is a priority for all companies, but particularly for corporate travel management teams. Changes in privacy laws and high profile data breaches, along with the proliferation of mobile devices and cloud technologies have made it a frequent discussion and concern - in the media and in the board room.
As technologies evolve, the ways that data is accessed and where it is stored is also impacted. Smartphone usage has grown at a staggering rate, with more than 4 billion smartphone users expected by 2020, up from 1.91B in 2015.
Estimates indicate that by 2018 more than 60% of enterprises will have at least half of their infrastructure on cloud-based platforms. With this kind of rapid evolution, security measures and regulations are also having to evolve quickly to keep pace with the changing risks and threats.
Security – the biggest concern
The 2015 CWT Travel Management Institute’s study ‘Faster, Smarter, Better?’ highlighted data security as the top concern for travellers and travel managers, particularly when it comes to mobile technology and customization of offerings. And, in CWT’s Travel Management Priorities 2015, 83% of travel managers rate data security risks as the highest impact trend in mobile technology for managed travel programs today.
Some of the primary concerns and questions travel buyers have raised include how Travel Management Companies (TMCs) protect their travellers’ data privacy, the types of data collected by a TMC, how the data is used, where it is stored, and how third-party vendors are monitored and assessed. The privacy question is heightened in the European Union (EU), where there are additional concerns over less stringent US privacy laws and related hosting data on United States-based servers.
Data breaches – an evolving threat
Despite significant emphasis on data privacy and information security across all industries, high-profile data breaches are now too common. The New York Times had 572 articles related to data breaches in 2015 compared to just 125 in 2013. And while the data incidents and breaches that make the news are often perpetrated by those with criminal intent, the real reason behind many data privacy incidents and breaches are often much more mundane.
While TMCs have legal obligations, they are also motivated ethically and financially to protect the security and privacy of client and traveller data. Travel buyers must understand how their data is used, who has possession of it when, and what responsibilities they have themselves, including their own company’s data protection measures, policies, standards and procedures while also ensuring travellers are aware of potential risks and adhere to policies and practices to mitigate.
Given the many risks and the incredible costs associated with data breaches, technology is continually developed in an effort to keep in front of it. At the same time, data-related laws are also continuously evolving to further protect data and to provide clarity and guidance across industries and geographies alike.
Data privacy and security are the collective responsibility of all participants in travel management—from the traveller to the client to the TMC, suppliers and third-party providers. All stakeholders in the travel management process must ensure the security and privacy of client and traveller data while corporate buyers must further mitigate risk by ensuring they partner only with organizations who have a demonstrated knowledge of and commitment to protecting their data and staying ahead of any existing and emerging threats. Working together, the industry can be more successful at deterring bad actors, to the benefit of the industry and its many clients.