< ? php //If there is analytic campaign data, attempt to get the campaign_guid from that cookie if ( 1 === preg_match( '/pk10mkto-([0-9]+)/', $_COOKIE[ '__utmz' ], $match ) ) { $campaign_guid = $match[ 1 ]; } ?>

Airlines Have the Highest Standards for Compliance

March 3, 2014

Airlines’ Sky-High Data Volumes Need Down-to-Earth Protection

Think you have regulatory and compliance issues? Be thankful you are not an airline (and if you are, we feel your pain).

Not only are airlines charged with securing personal data across multiple domestic and international jurisdictions. They have compliance requirements securing peoples’ physical safety, even their lives. State security regulations require that airlines enforce no-fly lists in the fight against terrorism, and be able to trace where individuals  fly to or from at a moment’ notice. They’re monitored by the FAA, OSHA, EPA and Justice Department/ Disabilities Rights. No doubt there are more.

Then there is data. Lots of data, gathered from reservation and travel agents, airport kiosks and at boarding, when the airline sends an email notification or you use an airline’s mobile app to check flight status. Do you like to fly early morning, park remotely, prefer aisle seat, eat vegetarian meals, get a hotel room when you book your flight or check bags? Do you book two days ahead or two months, go to Atlanta every month, purchase items in-flight?

All this is a treasure trove of Big Data analytics for marketing and sales. Certain data also needs to be time-stamped so that it can be found quickly for investigative purposes.

The biggest concern may well be personally identifiable information ─ PII. Every U.S. state and most every country has laws regarding the use, handling and protection of personal data. The UK’s Data Protection Act and EU Data Privacy Directives have a similar purpose. Industries have regulations as well, such as the credit card industry’s PCI –DSS regulations (which apply directly to airlines) and the healthcare industry’s HIPAA/HITECH.

Backing up and storing data under normal circumstances pose an enormous risk for airlines. Failure to do so carries large financial penalties. Imagine the challenge – and opportunities  ─ for missteps  while integrating systems, databases and storage post-merger of two giant carriers. Who has what and where is it?

Given the enormous data volumes and complexities airlines are trying to manage, adhering to the PCI framework as a basis for PII protection is a positive step. Undergoing the PCI audits provides an annual sanity check that compliance is secure, at least for that moment in time. The challenge for airlines ─ and really any company required to adhere to PCI-DSS regulations – is to embrace the discipline as part of everyday operations, and not just an annual event.

Peak 10 is intimately familiar with the challenges presented by PCI-DSS compliance and the effort required to maintain it on a continuous basis. Our PCI-compliant data centers and PCI-compliant cloud services are key elements is what is the industry’s most comprehensive compliance program. Perhaps the airlines should stick to the clouds they know best.

Fine tune your content search

About Peak 10

"Our values are the foundation for everything we do at Peak 10, and are ultimately what enable us to earn our customers' business and their trust."
David H. Jones,
Board Member, Peak 10 + ViaWest