Anvil head of
research & techni-
Many organizations now view itinerary tracking as an absolute necessity for travel risk management, but to keep
their personnel safe, are companies opening themselves up to
potential data security risks? In
passing the General Data Protection Regulation in May, the
EU shined a light on responsible
data handling and forthcoming penalties to organizations
that don’t comply with the rules
within the next 12 months. With
that and a number of high-profile data hacks over the last 12
months and even U.K. travel association ABTA itself falling foul
of a cyberattack in March, data
security and the individual’s
right to privacy also have risen
on travel management agendas.
Of course, travelers themselves
play an important role in protecting
both personal and corporate data,
but companies and their suppliers
must look closer to home to ensure
data security, the right to privacy
and adherence to the confidentiality, integrity and availability triad—
or CIA—particularly when handling
data for travel risk management.
Adding Risk to TRM Integration
To keep their people safe, companies
need to be able to obtain and
track the travel itineraries of their
personnel. But companies also need
to ensure that tracking systems do
not add unnecessary privacy or
security risks to the data supply
chain. Consider these questions:
• Where is the passenger name
record data coming from?
• Who owns this data, and could
they use it for other purposes?
• Is the data transferring through
other third parties or countries?
• What legal jurisdictions apply?
• If there were a data breach, how
and when would you be notified
and who would take ownership
of the resolution?
Impact of Aggregators
TRM firms collect their clients’
PNR data either by setting up
direct connections with global
distribution systems or by using
the services of third-party data
aggregators. The aggregator route
is cheaper, thanks to economy of
scale, though it comes with additional risks:
1. A Numbers Game—An aggregator represents an additional link to
the data supply chain. The longer
the chain, the weaker it becomes.
As a general rule, the fewer attack
surfaces you have, the more robust
data security you have.
2. Who’s in Control?—An aggregator
in the supply chain means a
third party is receiving personally
identifiable data. That third party
could store it on servers in various
locations, introducing data residency
and legal jurisdiction issues.
Although official ownership
of the data always sits with the
original company, as does the ultimate
liability, every addition to
the supply chain reduces the company’s
direct control over its data.
3. Data Integrity—Data segregation is a critical requirement for
security within the social technical system. Even if a TRM firm
assures that it provides each of
its clients its own dedicated database to enable truly segregated
data and prevent data leakage
between clients, can the firm provide the same assurances about
any aggregators they use?
4. Recovery—GDSs can recover
from a disaster more quickly than
an aggregator can. U.S. government surveillance agencies use
metadata within the PNRs on
GDSs to help protect U.S. borders,
allowing them to identify suspects, enforce no-fly policies and
establish travel patterns. Because
of this, GDS systems are secure.
Should the unlikely happen, they
have extremely robust processes
in place to ensure confidentiality,
integrity and availability, far surpassing anything an aggregator
Any company implementing
TRM should review its own data
risk appetite and ask all potential
providers serious questions about
processes, data sources and the
data supply chain risk-mitigation
measures they have in place before contracting for services.
Has Data Security Risk Undercut the Role of Third-Party Aggregators in TRM?