Who and What can you Trust - Travel Industry - Julia Harris - Information Security Assurance and Compliance Director - Corporate 21 April 2022 - IDC

Page created by Norman Duncan
 
Who and What can you Trust – Travel Industry

Julia Harris – Information Security Assurance and Compliance Director - Corporate
21 April 2022
Every journey has a beginning
Born different. Born on a bus, we’re part of a family with a track record for doing things differently.
Not your average TMC
• Part of Flight Centre Travel Group
• FCM established: 2004
• Corporate business turnover: $12.5B
• Client retention: 98%
• Customer satisfaction: 95%
• Global footprint: 97 countries
• Employees: 8,000+
• Client growth rate: 131%
• Multi award winning global travel management company
• World’s Leading TMC 10 years running – World Travel Awards
Flight Centre Travel Group

“The Flight Centre Travel Group (FCTG) is one of the world’s largest travel retailers and corporate travel
managers. The company, which is headquartered in Brisbane (Australia), has company-owned leisure and
corporate travel business in 24 countries, spanning Australia, New Zealand, the Americas, Europe, the
United Kingdom, South Africa, the United Arab Emirates and Asia. FCTG also operates the global FCM
corporate travel management network, which extends to more than 90 countries through company-owned
businesses and independent licensees. The company opened its first leisure travel shop in Sydney
(Australia) in 1982 and listed on the Australian Securities Exchange in 1995.”
Interconnections in the Travel Industry
[Diagram: interconnected systems in the travel industry. Nodes: Traveller, Airlines, Hotels, Others, Global
Distribution System, Online Booking Tool, Web App, Mobile App, Risk Providers, Finance System, Banks,
Reporting System. Groupings: 3rd Party Systems, TMC Systems. Legend: PII, Reservation, Financial, Mixed
Data; TMC, TMC's data processor, Traveller, Traveller's data processor, Third party data controller.]
What Trust is there?
• Controller to Controller Relationships
  - The (third-party) controller has overall control over the purposes and means of processing personal data.
  - The controller has the highest level of compliance responsibility – they must comply with, and demonstrate compliance
    with, all the data protection principles within their jurisdiction. In Europe this is GDPR, but elsewhere it will be the local
    privacy legislation. The majority of countries in the world now have some form of privacy legislation – with the newest often
    seeking to be 'as tough or tougher' than GDPR.
  - Reliance on standard contractual clauses as the second most efficient international transfer mechanism for business.
  - Excellent relationships with the major entities – less supported in current privacy regimes – there is no proof in this case.
• Controller to Processor Relationships
  - Processors have responsibility for meeting legal privacy obligations to their controller(s). Wide list of responsibilities here
    (e.g., security, data breach notification, audits, documentation, etc.). This is true in Europe and other jurisdictions with
    robust privacy legislation but varies in countries outside the EU/EEA.
  - Controllers have accountability for actions of their processors when processing controller's data. Hence annual
    questionnaires and on-site visits for highest risk companies plausible.
  - Standard Contractual clauses often in place for international data transfer from controller to processors.
  - Annual questionnaires add little value in this relationship, beyond being a tick-box burden.
  - SOC2 Type II and/or ISO27001/ISO27701 are excellent options and are likely to become more prevalent.
Data Sovereignty?

• We can retain data in specific jurisdictions for the majority of occasions.
• A number of key pieces of data protection legislation contain data sovereignty requirements, either requiring
  that data be retained in a specific geolocation or placing barriers to the transfer of that data to third countries.
  Examples include China's Personal Information Protection Law, Russia's Law on Personal Data, India's draft
  Personal Data Protection Bill, and of course Europe's GDPR.
• However:
  - In the Travel Industry Data Sovereignty is an increasingly tricky issue, because unless you only travel within
    one single country, or region, data has to flow outside that country or region.
  - In order to fly, your personal data, including passport details, dates of birth, and some data which may
    show health or religious affinities will reach your destination before you do.
  - Also, the passenger manifest of every flight is shared with every country the plane flies over under
    international treaties.
Travel Life
• In June 2016, Flight Centre joined the Travelife Sustainability System, an internationally recognised certification
  programme run by ABTA to promote sustainability within the tourism industry.
• On 17 Jan 2022 Flight Centre appointed Michelle Degenhardt as its global sustainability officer. She reports to
  a member of the senior management team. More will happen in this space.

• Carbon Offsetting
  - Air travel releases gases, including carbon dioxide (CO2), that contribute to global warming, with flight
    causing the largest environmental impact of any holiday. Carbon Offsetting is a reduction in CO2 in one place
    in order to compensate for emissions made elsewhere.
• Carbon Removal
  - Pay companies to extract carbon from the environment equal to what is created through travel. i.e. the future
    of aviation fuel is being investigated to use Direct Air Capture and produce clear fuel rather than ‘black’ fuel.
• Reducing Energy Consumption
• Recycling

• We need to do this as everyone is more aware; we report on CO2 usage in our reporting. That is not why we
  do it though: we are committed to ensuring the future of the planet, alongside facilitating our explorations of it.
Discover the alternative