Tuesday, 10 April 2007

Privacy advice for travel managers

I'm featured in the cover story on How to protect travelers' personal data on pages 28-32 of the April 2007 issue of T & E [Travel and Entertainment] Magazine , a leading trade journal for corporate travel managers. (If you don't like the funky page viewer on the magazine's Web site, you can use it to download a selected range of pages as a PDF, at least in some browsers.)

The story focuses particularly on the data in PNR's , and includes sidebars with my recommendations on the contractual terms on data privacy that travel managers should negotiate for in their contracts with travel suppliers, and the lack of compliance with European Union privacy rules by USA-based travel companies, especially CRS's .

There's a lot more, of course, that could have been said, or that I did say but that didn't make it into the story. In particular, the "horror story" at the beginning of the article could have been even worse: As I've reported previosuly , it's easy for a stalker or identity thief to get your entire itinerary (including where you are staying, when you are returning, etc.) from a discarded luggage tag, boarding pass stub, or in other ways.

It's a positive sign of the (belated) attention being paid to the issue, and the growing recognition of the dangers of secret and/or nonconsensual "sharing" of reservation data. And it's especially timely with the European Union CRS regulations, including their privacy provisions, currently under review .

If you're a corporate traveller, show this article to your company's travel manager, and ask what they are doing to get clauses like these into their contracts, to protect your privacy and the company's trade secrets.

Link | Posted by Edward on Tuesday, 10 April 2007, 20:52 ( 8:52 PM) | TrackBack (0)
Comments

Very interesting information.

You mention the concept of using a travel agency as an 'anonymizing proxy' for personal contact information. Do you know of any agencies that will actually use their contact data, in place of our own, when making air or other travel plans?

Posted by: philtech, 12 April 2007, 09:03 ( 9:03 AM)

Travel agencies and agents don't generally think about what data they put in PNR's (reservations), and don't usually ask customers for their preferences. They follow agency procedures and/or personal habits. So you will have to ask, *before* the agency or agent makes reservations for you. Once a reservatio is created, notheing can be deleted: It can be "cancelled" or changed, but that really just means it is moved from the "face" of the PNR to the "history" (audit trail) section of the PNR. Likewise when the entire PNR is cancelled or "purged", that just means it is oved frokm live storage to permanent archival storage.

Posted by: Edward Hasbrouck, 18 April 2007, 10:57 (10:57 AM)
Post a comment









Save personal info as cookie?