• News
  • Key issues

Going places? Pack your data securely!

With summer just around the corner and thoughts turning to the joy of that summer break, think about how much personal information you are sharing for you and your family, who’s going to have access to it and how you can protect yourself from your data falling into the wrong hands.

By Rightly

Mon 14 Mar 2022

7 min read

Travel blog

For two years, booking and going on holiday has been something of a challenge.

As we emerge from the pandemic, many are thinking it's finally time to resume those long hot summer days lazing on the beach, drinking sangria and soaking up the sun. They’re frantically looking online for the best offers and travel destinations to visit this summer.

But beware - booking a holiday online comes with data risks.

Imagine you’ve just found the perfect holiday on a website you don’t recognise, and it sounds great. In seconds you’re busy entering highly personal information, willingly handing over your age, your bank details, your passport number, your children's names, your address. You can see where this is going, right?

Take a moment to think about what that information could be used for. Assuming it’s a reputable company, your data certainly can and is used to build a profile of you – which has value to the travel company and the people they often pass this information on to – be it airlines, car hire companies, hotels, and resorts. And of course we experience the benefits when things are joined up. To ensure continuous profits and organisational success, the businesses operating in the travel industry must keep up with this changing environment and data analytics is the key measure that helps them to stay at the top of their game.

But it’s a fact that many of these companies sell on your data to ‘data brokers’ who in turn sell this information online, sometimes ending up on the dark web and in the hands of criminals. So, if you’ve submitted a raft of personal data, now or in the past, it’s out there and can be vulnerable. And even more so if the data has been handed straight to the unscrupulous.

By collecting, analysing, and interpreting data, travel companies gain useful and valuable data insights and convert them into a functional action plan to stimulate their business growth and to establish their name in the market.

So, what are the dangers of booking a holiday online and what can we do to alleviate potential harm from these companies harvesting our personal information?

First, how do travel companies use data?

Travel companies are experts in using bookings data to create products, competitive tools, and targeted promotions. The vast quantity of data captured during the bookings process enables these industries to create ultra-personalised emails for their customers. It’s basically how the travel industry works and has grown significantly over the years. And it’s helpful to us.

As you ponder where your summer holiday is going to be, don't be surprised to receive some emails a few minutes later with suggested packages, hotels or excursions as those travel companies use your data to deliver a targeted campaign directly to your inbox based purely on your search history.

Centre Parcs, for example, email all guests in advance of their holiday, asking for personalised information. Not only does this personalised targeting foster excitement and generate interest, but it provides the company with data regarding their customers' interests, plus it's a handy way to boost sales by encouraging pre-booking or incentivising products. Remember, the more they know about their customers before they set foot through the door, the better level of service they will be able to provide. And the more valuable the data they hold about you.

Travel bosses make informed decisions based on analytics and number-driven data. They identify targeted groups of potential customers at every stage in the trip planning process. This data can even be used to predict which new products might work well in their market. This includes the ability to anticipate future demand more accurately, optimise pricing strategies, target marketing more precisely and improve the customer experience.

How do travel companies get your data?

Travel booking data is collected through various sources, including online bookings, agency-based bookings, surveys, app and ticketing services. These sources record and analyse the information and then apply filtering methods to eliminate duplication and other irrelevant data.

When you’re booking you may be asked to give your identity, contact and financial information by filling in forms or by corresponding with them by post, phone, email or otherwise. This includes personal data you provide when you:

  • make a booking or enquiry for use of travel services
  • subscribe to a newsletter or other publications
  • request marketing including requesting a brochure to be sent to you
  • enter a competition, promotion, or survey
  • giving feedback.

Be vigilant because every step of the way travel companies are collecting data.

As you interact with travel websites, be aware that they automatically collect technical data about your equipment, browsing actions and patterns. They collect this personal data by using cookies and other similar technologies.

Why is tourism data important and how is analytics used in tourism?

Tourism analysis is an important tool for optimising tourism marketing. Today's analytics-based approaches can leverage new alternative datasets to identify who their visitors are, pinpoint where they should focus their marketing efforts, and answer other important questions about their tourism sector.

Data tracks changes in the number of visitors, provides the breakdown of tourists, and ranks destinations. It also gives the demographic profile of domestic tourists—their gender, age, and where they are from. It can identify the nationality of foreign tourists. All valuable intelligence for decision making at our data expense.

How is social media used in the tourism industry?

Social media has made a huge impact on the tourism industry. Consumers engage with social networking sites to research trips, make informed decisions about their travels and share their personal experiences of a particular hotel, restaurant, or airline. They also provide valuable feedback – which provides a complete profile of who you are and what you like. All good fodder for marketers to target you. So, be mindful of what personal information about you and your family you share.

Can travel companies use the personal data they collect on me?

General Data Protection Regulation (GDPR) applies to all travel businesses that collect and use the personal data of EU citizens. GDPR requires that they have a lawful basis for the processing of personal information. For now, GDPR law is still valid in the UK too.

GDPR requires all organisations to review how they collect, hold and process personal information and how they communicate with individuals. Travel businesses need to demonstrate their compliance with GDPR.

But let’s not forget, for a travel business, data is often their most valuable asset - without a list of existing and past customers, the impact on a business's ability to generate repeat customer sales will have a seriously detrimental effect on its value when it comes to a potential sale.

How long can a travel company hold personal data?

Despite the apparent strictness of the GDPR's data retention periods, there are no rules on storage limitations. Organisations can instead set their deadlines based on whatever grounds they see fit, which means it’s important to take back control of data.

How can you restrict travel companies automatically harvesting your data?

First read the Privacy Policy - it’s helpful to understand what a company actually says it's going to do with your data. Other things you can do include using a Private Messaging Platform or use ‘ad blockers’ and ‘tracking blockers’. You could also go private with a VPN which prevents your IP address being seen. Some browsers, such as Apple’s Safari, use blocking technology to prevent websites tracking what else you're looking at.

What is the right to get your data deleted?

The right to get your data deleted is also known as the 'right to erasure' and this right is enshrined in the GDPR legislation. You can ask any organisation that holds data about you to delete that data. They have thirty days to comply.

Can I ask a travel company to delete the information they hold on me?

Yes, you can ask for your data to be deleted when, for example, the data the company holds on you is no longer needed or when your data has been used unlawfully. Personal data provided when you were a child can be deleted at any time.

How do I ask travel companies for my data to be deleted?

You should contact the travel firm and let them know what personal data you want them to erase. You can make your request verbally or in writing. We recommend you follow up on any verbal request in writing because this will allow you to explain your concern, give evidence and explain what you want to happen. You will also have clear proof of your actions if you decide to challenge the organisation's response.

What to do if the travel company does not respond or you're not happy with the outcome!

If you're unhappy with how the travel company has handled your request, you should first raise a concern with them and allow them to resolve the matter. If you remain dissatisfied you can make a complaint to the ICO. Go to: https://ico.org.uk/make-a-complaint/

Time to take back control of the data travel companies hold on you!

Travel and tourism will no doubt see a post-pandemic steady and vibrant growth in demand, owing to the pent up demand. Thus, there is a need for the industry to safeguard their customers' trust by ensuring that personal information remains secure against data theft.

So, don't forget it's important for you to constantly review your digital travel footprint – to see what companies have your data and to ask those companies you don't regularly engage with to delete it. Companies can obtain legal access to your data easily, often before users even realise they've given their approval. In doing so, users may not realise that they’ve effectively “signed” a legal agreement that allows businesses to do whatever it is they have included in the terms.

Rightly Protect

The best and most efficient way to get your data deleted is to use 'Rightly Protect'. This will analyse your email box to identify just how many companies have your data. Then within a few minutes you can decide from the list of companies generated, who you want to ask to delete your data, with one click.

This will help you reduce the size of your digital footprint by reducing the number of companies, including travel firms, that have your data. In turn, that will help reduce the numbers of UK consumers being targeted and falling victim to hacks, scams, and unwanted marketing and spam each year.

To find out more about Rightly Protect, and to start the reduction of your digital footprint, go to right.ly.

Related Articles