Airlines’ Sky-High Data Volumes Need Down-to-Earth Protection
Think you have regulatory and compliance issues? Be thankful you are not an airline (and if you are, we feel your pain).
Not only are airlines charged with securing personal data across multiple domestic and international jurisdictions; they also have compliance requirements securing people’s physical safety, even their lives. State security regulations require that airlines enforce no-fly lists in the fight against terrorism, and be able to trace where individuals fly to or from at a moment’s notice. They’re monitored by the FAA, OSHA, EPA and Justice Department/Disabilities Rights. No doubt there are more.
Then there is data. Lots of data, gathered from reservation and travel agents, airport kiosks and at boarding, when the airline sends an email notification or you use an airline’s mobile app to check flight status. Do you like to fly early morning, park remotely, prefer aisle seat, eat vegetarian meals, get a hotel room when you book your flight or check bags? Do you book two days ahead or two months, go to Atlanta every month, purchase items in-flight?
All this is a treasure trove of Big Data analytics for marketing and sales. Certain data also needs to be time-stamped so that it can be found quickly for investigative purposes.
The biggest concern may well be personally identifiable information (PII). Every U.S. state and most every country has laws regarding the use, handling and protection of personal data. The UK’s Data Protection Act and EU Data Privacy Directives have a similar purpose. Industries have regulations as well, such as the credit card industry’s PCI-DSS regulations (which apply directly to airlines) and the healthcare industry’s HIPAA/HITECH.
Backing up and storing data under normal circumstances poses an enormous risk for airlines. Failure to do so carries large financial penalties. Imagine the challenge – and the opportunities for missteps – while integrating systems, databases and storage after the merger of two giant carriers. Who has what and where is it?
Given the enormous data volumes and complexities airlines are trying to manage, adhering to the PCI framework as a basis for PII protection is a positive step. Undergoing the PCI audits provides an annual sanity check that compliance is secure, at least for that moment in time. The challenge for airlines – and really any company required to adhere to PCI-DSS regulations – is to embrace the discipline as part of everyday operations, and not just an annual event.
Peak 10 is intimately familiar with the challenges presented by PCI-DSS compliance and the effort required to maintain it on a continuous basis. Our PCI-compliant data centers and PCI-compliant cloud services are key elements in what is the industry’s most comprehensive compliance program. Perhaps the airlines should stick to the clouds they know best.