If you are a corporate travel manager, then you probably start each day with a scan of the latest news on data privacy, or rather the lack of data privacy. We are due for a major breach in the corporate travel vertical, judging by the relentless bad data practices in other areas. The travel industry is vulnerable to data breaches, given that each booking must include enough personal data to identify the traveler for security and service delivery and that numerous legacy systems each require a copy of certain data.
Why does data quality not feature more prominently on the list of key performance indicators for the corporate travel manager? I hear talk about service level agreements specifying how many seconds a phone can ring before it should be answered, but I don't hear anyone talk about an SLA for data security and accuracy. Apparently, they are not important enough to be included, or are they not considered measurable?
As quality data becomes a critical raw material and enabler for smart new services, we must improve our ability to manage and protect data, both internally and externally, and that requires new ways of thinking about the problem. Look at profile data as an example:
Step 1: Establish a meaningful SLA definition that can be included in a corporate travel service contract. Create a clear and easily measurable definition of a profile record, and then specify where it can be stored digitally—meaning nowhere else—and establish daily, weekly or monthly reporting of the total number of profiles stored.
Step 2: Describe the technical and operational environment: cloud versus on-premises, database type, encryption method, other systems accessing the data and number of database administrators.
Step 3: This is where the challenges start. We need a way of reporting and validating the above elements, and this can only be done via self-reporting by the supplier or via an expert appointed by the travel manager with the appropriate mandate to investigate the data environment inside the supplier setup.
Step 4: Establish the financial penalty associated with an SLA breach. It can be based on a combination of fixed fees—significant numbers please—for technical and operational breaches in general and a unit-based cost for each profile stored without authorization.
If you don't have any of the above in your travel services contract, you are exposing yourself to a major risk, but an SLA for data management can reduce the risk, whether the SLA is for profiles only or for other items like negotiated prices and policy compliance.