Christopher Airey, CEO of DGI, explains why sovereignty, transparency and trusted ownership now more pressing than ever
_w=800_h=533.png?v=20230522122229)
Guest Post: Data security in travel management matters
The travel industry is no stranger to disruption.
In an era where cyberattacks are growing in frequency, data has become one of the most valuable and therefore vulnerable assets for organisations.
The latest warnings from MI5 regarding state-linked cyber interference, alongside Minister Dan Jarvis’s announcement of new measures to safeguard government and academic data, underscore a shift with direct implications for travel management.
MI5 further warns that data stored in China is exposed to heightened cyber risks, including intellectual property theft, and may not comply with UK GDPR or higher education standards.
Travel data is more than itineraries and ticketing details. It is a form of intelligence that if mishandled, can expose sensitive personal information, compromise business operations and reveal strategic plans.
Malicious actors see travel data as an increasingly attractive target. Travel itineraries for example, can map the movements of key people, highlight collaboration patterns and even hint at sensitive research or initiatives.
Minister Dan Jarvis said: “The mindset for businesses should not be ‘if’ we get attacked but ‘when’ we get attacked.
“That means our cyber defences and technical resilience must evolve to cope with the threat.”
This reinforces the reality that cyber threats are inevitable, and a proactive risk management plan is the way to stay secure.
At its core, data security begins with transparency around ownership and governance.
Travel management companies (TMCs) must operate with data transparency, clearly demonstrating how their information is structured, governed and protected.
Equally critical is data residency. Keeping sensitive travel data within UK or EU jurisdictions offers clear advantages over storing information in countries like China. Beyond meeting GDPR requirements, storing data within the UK or EU strengthens compliance, reduces exposure to foreign surveillance and provides organisations with direct legal recourse in the event of a breach.
Recent regulatory actions, such as the EU’s €530 million fine against TikTok for transferring personal data to China, illustrate the risks for travel management companies. Even indirect foreign control can introduce significant exposure, particularly for organisations handling sensitive information.
Transparency and strong governance are increasingly key differentiators when selecting a TMC. Clearly defined data processes for access, encryption and ownership demonstrate reliability and foster the trust that is essential in today’s environment.
TMCs that demonstrate independence from unpredictable foreign influence, robust compliance frameworks and meticulous record-keeping offer an added layer of assurance.
MI5’s recent statement serves as a stark reminder: cyber threats are real, increasing in frequency and impact, and no sector is exempt. Travel data, by revealing the movements and connections of people and programmes, can act as a vector for targeted threats.
Key considerations for TMCs to safeguard their data include:
Rigorous due diligence on suppliers examining direct supplier ownership structures, so organisations can ensure accountability and minimise hidden risks.
Storing data in the UK or EU given the strong regulatory frameworks and proven reliability, so legal protection, compliance, and operational confidence are maintained.
Clear transparency with clients about where their data is stored and who has access, so trust is built and expectations are managed.
Robust access and security controls including strict permissions, regular auditing, and comprehensive encryption protocols, so sensitive information is protected from unauthorised access or breaches.
Supply chain resilience planning through assessing risks associated with ownership changes, subcontractors, and potential cybersecurity incidents, so organisations can maintain continuity and reduce exposure to disruptions.
For the travel industry, particularly within the TMC space, this represents an opportunity to lead with integrity.
By prioritising transparent governance and secure storage, travel management companies can not only protect sensitive data but also strengthen trust with clients and partners in an increasingly complex digital landscape.
