A Privacy Tsunami May Be Coming to Retail Travel

by Paul Ruden
A Privacy Tsunami May Be Coming to Retail Travel

Travel advisors should begin to think about how they will comply with the central concepts that are likely to be part of any state or federal privacy legislation. Photo: Shutterstock

In April, we wrote about recent developments with the California Consumer Privacy Act (“CCPA”). We indicated that the legislation was subject to numerous amendments and to the issuance of implementing regulations.

The California legislative calendar provides that the Senate will remain in session with committees active until the summer break that starts July 13 (if the budget has been passed), resuming Aug. 12 and wrapping up with final passage of all bills by Sept. 13. The governor must sign or veto passed bills by Oct. 13. The legislature will reconvene on Jan. 6, 2020. The General Assembly schedule is almost identical.

Much time remains, therefore, for the California legislature to lighten or worsen the burdens imposed by the CCPA. But that’s not all. A recent editorial in the New York Times entitled “Where is America’s Privacy Law?” lays out the problem. The U.S. does not have a national privacy policy akin to the General Data Protection Regulation (GDPR) adopted by the European Union. Multiple states are considering their own privacy laws to curb abuses in the handling of consumer personally identifiable information that is collected, and sometimes sold, in the course of many types of commercial transactions, including, of course, retail travel.

One overall solution would be a realistic federal law that sets a single national standard for privacy controls. Ideally, that federal law would preempt all state laws so that, for example, travel advisors would not be forced to comply with multiple and variable state laws governing, in some cases, a single transaction and usually in interstate commerce. Time is running out for this year, however, and Congress is locked in multiple partisan quagmires that may prevent a single workable privacy bill from being adopted. California and other major states are not going to wait for a comprehensive federal solution.

The best present course of action for travel advisors seems to be this: Begin thinking about how you will comply with the central concepts that are likely to be part of any state or federal privacy legislation. It still seems premature to invest in a particular approach until the legal path ahead is clearer. The following questions, at least, should be on that thinking list:

1. What specific types of personally identifiable data (“PI data”) do you collect?

2. Of the PI data you collect, which specific data items do you transfer to other businesses in order to conduct your own business?

3. What notice do you give consumers as to the specific purposes for obtaining and sharing their information?

4. Is any of your information sharing avoidable; that is, it is not essential to completing transactions on behalf of the person providing the information?

5. If a consumer asked you to avoid/stop sharing her information, how would you assure that the request was honored?

6. If a consumer requested deletion of her personal information from your systems, which data elements could you delete entirely and still complete the business for which the data was provided?

7. If you actually sell consumer information to third parties, how important is that to your business?

8. Are you interested in paying consumers for the right to sell their information and, if so, how would you give notice and process these transactions?

9. What industry-standard practices do you use to encrypt or otherwise protect personal information of consumers; if none, how will you go about installing such protections into your office workflows?

Having the answers to those questions will go a long way toward preparing your business to comply with the coming wave of consumer data protection rules, whatever their ultimate source and whenever they become law.

TMR Recommendations
Top Stories
What Does Your Out-of-Office Message Say?

In the dog days of summer, some travel advisors try to take a vacation. While you’re gone, what does your out-of-office message say about you and your business?

California Independent Contractor Status Still In Jeopardy as State Senate Debates Bill

On Monday, legislators discussed a broad bill that could eliminate the ability for travel advisors to be engaged as ICs in California.

With Political Unrest Growing, What Protection Does Travel Insurance Offer?

Recent civil unrest in Puerto Rico and Hong Kong once again raised the issue about what insurance travelers should purchase for the best protection.

What Advisors Should Know About Succession Planning for a Small Business


The existence of an estate plan that provides for proper handling of the business in the event of the death of the owner is an essential legal document to put in place.

Travel Agent Popularity on the Rise Yet Again

MMGY study shows travel agent popularity is again on the rise as more consumers seek them out for their international expertise and knowledge of tours and lodging.

Look-a-Like Travel Booking Websites Could Cost Consumers

Legitimate looking websites appear to represent popular airlines and hotel chains, but they are costing travelers money and creating customer service nightmares.

News Briefs
Tip of the Day

As travel advisors, we have to be curious. Curiosity leads to impactful connections that pave our road to success. - Jenn Lee, VP of Sales and Marketing, Travel Planners International

Daily Top List

U.S. Airports with Shortest Security Wait Times

1. Salt Lake City International

2. Washington Dulles International

3. Boston Logan International

4. Minneapolis-St. Paul International

5. Charlotte Douglas International

Source: TMR

TMR Outlooks