There tends to be perceived concerns from many companies when their data leaves a country or region. For many industries, it is possible to have data reside locally. When it comes to travel data however, it's an illusion because no one can really do it. Why? Because of the nature of travel data, and the vast number of companies involved.
Travel Data has Become Multinational
We have been seeing for a number of years now that the location of your data matters, and companies will ask the question, “where is the data stored?” I am sure some of you have had the question within RFPs amongst other topics such as security or privacy. And sometimes, this becomes not a question but a mandate as to where the travel data must reside. But is that possible with travel data?
Data Location
Let’s step back for a moment to determine why companies are asking this question. Often data location is buried in questionnaires or attached to other standard security questions like GDPR, which gives the impression that GDPR has some requirements for data storage in a region. However, that is not the case. McAfee, the cybersecurity experts, has indicated that neither GDPR nor its predecessor has any storage location requirements and that often it is local laws that may request it. Perhaps it is because of unfamiliarity with GDPR or even local laws that the request is made for local hosting. Or there might be a sense that if the data is hosted locally, it covers a number of legal and regulatory requirements - but it isn’t that simple.
Data Transmission Overlooked
Unlike with actual security questions, the path to which transmission of data occurs is not usually a concern for some reason. While data in transit is more difficult to acquire, it is still possible, and often companies do not route their data traffic. For instance, a company with offices in Buffalo, New York, and San Diego, California, could have its data traffic bounce through Canada before reaching the other destination.
And although that can happen during a normal course of business, it is also possible for hackers to reroute traffic to their servers before having it go to their final destination. A routing attack like a Border Gateway Protocol (BGP) can create a new route that may not be the fastest path for data and send the route to hackers' servers where the data can be accessed and copied.
One of the best ways to protect against this attack is not to prevent the rerouting, but to encrypt the traffic so that it is more difficult to see even if it is captured. However, traffic routing can also provide more control in terms of the path of the data. Traffic routing can select the data packets through desired paths - but that often is not asked in questionnaires regarding data locations.
Cloud Providers and Backups
Many organizations today are leveraging Cloud technologies in some form. And many of the Cloud providers have also adapted to the needs of customers by providing instances of their services in many regions of the planet. There are also optimization and geo-redundancy reasons for doing so, but one of the primary reasons is to satisfy local or legal concerns where the data resides. And while that might on the surface seem like it is adhering to local laws and protection, a closer look may mean that it isn’t the case.
One of the benefits of the Cloud is that the data can be stored with a third party whose core business is infrastructure and who would have the ability to operate multiple instances, separated geographically so that in the event of a power outage or disaster in one region, the backup or redundant server could take over to for no disruption to service or your business. But where are those servers located?
Because of geo-redundancy, it likely is not in the same cluster location as your primary servers. A little more probing reveals that a Cloud provider like Microsoft has its primary location for data is based on where you signed up. Still, the company doesn’t reveal exactly where data could be copied to for resilience. So it could be that your data storage is "mostly" accessed in your location of choice, but your backup or redundant data is actually outside of your borders. However, in fairness to the Cloud providers, they acknowledge the challenge, and address the concern in statements on their website. From Microsoft Azure, for example: Microsoft may replicate to other regions for data resiliency, but Microsoft will not store or process customer data outside the selected Geo. You and your users may move, copy or access your customer data from any location globally.
Laws and Jurisdiction
Another concern is that even if all the data is residing in your local region, including backup, that your data could still be subject to the laws of another nation. Governments are often aware of these issues as national security is a larger concern than corporate security. An example of such concern from the Canadian government: As long as a Cloud service provider that operates in Canada is subject to the laws of a foreign country, Canada will not have full sovereignty over its data. This is because there remains a risk that data stored in the cloud could be accessed by another country. Data sovereignty is complex and continuously evolving as foreign laws are being tested in foreign courts.
Partner data - Travel
TMCs, like most companies, submit RFPs for their clients that request having data reside in a specific region or nation. Often great care and diligence are taken to ensure that all information is accurate and meeting or exceeding the client’s needs.
However, the travel industry has many different providers involved in the making of a trip. And those providers can change depending on where the traveler is located and where they are traveling to. As a hypothetical example: A TMC in Mexico could be booking a flight and a 3-night hotel for a client traveling from Santiago, Chile to Bogota, Columbia. The travel is all in South America, but three nations are already involved in this transaction: Mexico, Colombia, and Chile. So in this one transaction, data could potentially be crossing the borders of three countries for this one traveler.
However, it could still be much more than this. For instance, if the flight was LATAM, the data will additionally go to the US since the underlying reservation system for LATAM is Sabre, based in Texas. The data could also be going to Europe if the Mexican TMC is using one of the popular GDSs, Amadeus, a Spanish company. And possibilities can be more significant with the hotel property management system. Unlike the GDS, there are many providers of property management systems. The hotel in Bogota could have its data hosted by an Indian property management system like eZee.
So in this example, the data crossed several borders and four continents. And that can vary from booking to booking as well.
Partner Data - Technology
Unlike travel partners, technology partners have much more control of travel data. Software-as-a-Service (SaaS) providers are generally providing services on data that just happens to be travel data. Those services can be for analysis, benchmarking, consolidating, etc. A website host in the cloud (Microsoft Azure, AWS, and others), as an example, can have content sources from a variety of inputs that a client determines beneficial, but that does not mean the output of the website resides across the globe. It can reside in one or more locations that a client chooses, but the data is not 'traveling' like with partners who are executing travel (GDS, airlines, hotels).
Final Thoughts
It might be the case that the RFP sections around data hosting is simply attempting to take the most restrictive approach to cover off all possibilities. Having the data locally may provide a false sense of security and allow a respondent to check off that they are complying. However, in the case of data security, the data may still be vulnerable as travel data is very much global and often is without borders. Rather than a ‘yes’ or ‘no’ answer on those RFPS, perhaps it is better to inform clients on the nature of travel data, the number of global systems involved in a booking, and that sometimes travel data will still need to travel.
For a downloadable PDF of this whitepaper, download below!
