Q&A: Balancing Data Privacy and Personalization in Travel & Hospitality

Both data privacy and personalization are essential customer experience (CX) considerations for the travel and hospitality industry, yet balancing the two presents a complex yet crucial challenge.

Against increasing regulatory scrutiny and advancing technological capabilities, travel and hospitality brands and business process outsourcing (BPO) providers like Inspiro are finding innovative ways to synergize.

In a recent interview, we sat down with Inspiro’s veteran subject matter experts, Chris Fajardo and Mike Ignacio, to uncover the nuanced data privacy and personalization strategies deployed in the travel and hospitality sector. Their experiences reveal a sector in transformation, grappling with the adoption of tools like generative AI and comprehensive CRM systems, all while adhering to stringent data privacy standards like the GDPR.

Meet Our Subject Matter Experts

Chris Fajardo, Vice President, Operations

Chris is a seasoned leader at Inspiro with a proven track record in CX management. He has over 30 years of experience in customer service across various industries such as retail, technology, banking, and travel and hospitality. He currently oversees several key accounts including two of Asia’s largest airline operations and Australia’s leading travel innovator with more than 800 CX experts across three global sites.

Michael Oliver Ignacio, Vice President, Information Security and Data Privacy

Michael Ignacio is a seasoned IT professional with over 20 years of experience in the BPO, Telecoms, Government, and financial institutions. He is a certified DPO, Comp TIA CysAT, Lean Six Sigma Green and Yellow belt, CMM oracle 8: PL/SQL Programming, Developer and Database Administrator. In 2022, he was recognized as the Best Data Protection Officer of the Year (BPO Sector) by the Information Security Officers Group (ISOG).

From the nuanced challenges of data collection in conservative markets to the cutting-edge automation in data security, their perspectives offer a candid look at the realities and future possibilities in the travel industry.

Join us as we examine how these developments reshape customer interactions and redefine the boundaries of data privacy and personalization in travel and hospitality.

In your experience, Chris, what have been the most transformative ways personalization has reshaped the travel industry in the last few years?

Chris: It has evolved the sector significantly, especially regarding non-agent-assisted interactions. For instance, when visiting airports in the US, simply swiping your identity card at check-in can lead to a personalized experience. The system recognizes you by name and assigns your seat based on preferences stored in the CRM record. This extends to in-flight services, too, like meal preferences on international flights, which are noted and addressed.

Furthermore, airlines are now adept at sending personalized emails regarding flight disruptions or changes, guiding passengers to their websites for alternative arrangements or cancellations. This level of personalization is consistent across various airlines.

In the hotel sector, similar trends are emerging. Guests can check in before arrival, eliminating the need for passport or ID verification at the reception, as these details are sent in advance. This streamlines the check-in process significantly.

Additionally, after each service—a flight or a hotel stay—customers receive a personalized Customer Satisfaction Survey (CSAT). The feedback from these surveys is tied to the customer’s record, reflecting their unique perceptions and experiences.

This attention to detail in personalization rapidly transforms how the travel industry interacts with and understands its customers.

Mike, regarding using data to personalize the industry, have you seen any effective technologies or strategies in using customer data for personalization?

Mike: From a broader perspective, the relationship between personalization and data privacy is complex. Initially, personalization was not a concern because accessing personal information like a customer’s first name or phone number was straightforward. However, this was when there were fewer security threats globally.

With the increase in global adversaries, the focus of personalization has shifted towards ensuring customer data protection. Although technologies that aid in customer service personalization are available, they often fall short when securing information. This is why we have seen the introduction of regulations and security standards. These standards are designed to balance the need for personalization with privacy requirements. They dictate what information can be extracted and used, ensuring that it aligns with business needs and complies with privacy laws.

So, while technology facilitates customer service personalization, maintaining data security and privacy is essential.

The choice of technology should be guided by its ability to help a business comply with [privacy regulations] requirements rather than its sophistication or popularity. It’s about finding the right tools that meet the specific needs of the business and the stringent demands of security and privacy standards.

Chris, could you elaborate on some challenges travel and hospitality brands face in personalizing their services?

Chris: One of the main challenges, especially in flight disruptions, is the balance between automation and manual processes. While automated systems can generate disruption notifications and send them to customers, there are cutoffs beyond which the system can’t operate, so there needs to be an effective, efficient, and empathetic call center team available to take over.

For example, when notified about a flight disruption for one of our airline clients, we receive a file with customer records, including their names and booking information. This file is password-protected to ensure data privacy, a crucial aspect of our approach to personalization. Having personal information within a system’s confines is one thing, but stringent measures are essential once it moves to external entities.

The heart of personalization goes beyond just addressing the customer by name. It’s about understanding and anticipating their preferences without them having to specify them repeatedly. This includes knowing their seat preferences and being aware of their allergies, especially regarding in-flight meals, whether on international or domestic flights.

Brands should look to reduce the amount of effort required from the customer. For instance, they shouldn’t need to re-enter their preferences whenever they travel. This level of service requires a comprehensive database that accurately records and applies these preferences across all their journeys, another challenge the industry faces.

A travel brand that recognizes and addresses these needs is efficient, positions itself as a customer-centric organization, and differentiates itself from competitors.

Mike, how can travel brands ensure ethical data collection and use in the context of personalizing services? What safeguards against privacy infringements should they consider?

Mike: The foundation of ethical data handling in the travel industry, or any industry, starts with acknowledging and complying with privacy regulations, such as the General Data Protection Regulation (GDPR) in Europe.

GDPR compliance is not just a legal requirement; it’s a marker of a company’s commitment to protecting customer data. This compliance earns respect from clients and end-users, ensuring their information is handled carefully and protected from unauthorized use, like unwanted telemarketing calls. Adherence to these regulations is vital to maintaining the privacy and security of client information.

Plus, while various technologies are available for data protection, the focus should not be on the technology itself but on how it aligns with data privacy impact assessments and security risk assessments. These assessments ensure compliance with privacy and security requirements, which can often be challenging. Therefore, the choice of technology should be guided by its ability to help a business comply with these requirements rather than its sophistication or popularity. It’s about finding the right tools that meet the specific needs of the business and the stringent demands of security and privacy standards.

Chris, can you provide insights on how data privacy regulations like GDPR have impacted the travel industry and operations? Have there been any positive or negative impacts on travelers and customers based on your experience?

Chris: The impact has been positive, albeit with some operational challenges. At Inspiro, we’ve implemented several measures to ensure the security of customer data entrusted to us by airlines or travel companies. This includes routine desktop audits to verify that our agents don’t have access to tools that could lead to data leakage, like writing tools or screen capture software. We also ensure that agents don’t save customer information on their desktops.

To further safeguard privacy, our agents are not permitted pens, paper, or cell phones at their workstations—only managers are allowed cell phones in the production area. This discipline, while positive in maintaining data integrity, does add a layer of complexity to our operations. We conduct regular monthly audits and work closely with clients to ensure compliance with each client’s specific Data Processing Agreements (DPAs).

Additionally, when it comes to data disposal, we have established processes in place. These include activities and exercises performed in the presence of clients to dispose of recordings and other sensitive materials securely. These heightened data privacy procedures, significantly reinforced over the past five years, are a testament to our commitment to protecting customer data in an increasingly privacy-conscious world.

Our role as BPOs extends beyond mere support; we’re integral partners in technology development for the travel industry, ensuring that any tools we develop are versatile and can be utilized across all customer interaction channels.

With emerging technologies like generative AI reshaping data management in the travel industry, what concerns do you have about data security and privacy?

Mike: Generative AI and related technologies are increasingly challenging to monitor regarding data flow. For example, generative AI could extract and publish data without our knowledge. Therefore, our cybersecurity strategies are evolving to maintain visibility within and outside our perimeters.

Just last week, we had a briefing about AI for our operations. While it offers significant benefits for personalization and operational efficiency, there must be more concern about controlling information flow. To address this, we’re exploring advanced cybersecurity technologies, like data leak protection, that can complement AI, ensuring data security as AI evolves.

Chris: Echoing Mike’s concerns, our focus when utilizing AI is to ensure that data remains confined within our servers or database.

We’ve created a knowledge base that feeds information directly to our internal deployment of ChatGPT, preventing it from sourcing data externally. It’s a secure way to improve CX by providing quick, accurate, and efficient responses. For instance, it can instantly provide details about bulkhead seats on our clients’ aircraft, which used to require extensive literature review.

While these technologies are beneficial and positively impact the customer journey, we’re continually working on backend strategies to ensure that all information remains secure and confined within our organization.

How have travel and hospitality customers responded to data collection initiatives like Know Your Customer (KYC) for frequent flyer programs?

Chris: Initially, we witnessed hesitations from customers in disclosing things like emails, phone numbers, and birthdays, especially in the Philippine market, which is traditionally quite conservative regarding the sharing of personal information. However, as digital transactions became more commonplace in sectors like finance and retail, customers gradually became more open to sharing their information.

The key was explaining the purpose and benefits of data collection, especially for fraud prevention and validation. For instance, personal identification questions help us verify the authenticity of a member to prevent misuse of their miles. Over time, we’ve noticed increased customer flexibility and openness to sharing personal data, recognizing its benefits in facilitating various transactions.

Mike: In a recent discussion with data privacy officers and CISOs from airlines, including one of the largest operators in Asia, we agreed that privacy is a double-edged sword. On one hand, if we don’t gather enough information, customers might feel underserved due to the limitations imposed by data privacy laws. On the other hand, if we ask for too much information, customers might perceive it as an intrusion and use data privacy regulations to challenge our practices. This situation requires us to perform a balancing act between respecting privacy and delivering quality customer service.

How can travel companies and BPO providers like Inspiro collaborate to enhance data privacy and personalization in the travel industry?

Chris: The role of contact centers and BPOs is crucial in bridging travel companies with their customers, especially with the advent of new technologies.

BPOs, being technology-driven entities, play a pivotal role in developing and refining these tools, offering expertise that might not be as readily available in more traditional travel industry departments like ticketing or airport services. This technical proficiency allows us to troubleshoot, refine, and polish these processes before they’re rolled out wider.

We recently launched a CRM tool to gather comprehensive customer data, enhancing the personalization process. Technologies like ChatGPT and various non-voice tools, which we’ve also implemented, streamline services and significantly contribute to personalization efforts.

Our role as BPOs extends beyond mere support; we’re integral partners in technology development for the travel industry, ensuring that any tools we develop are versatile and can be utilized across all customer interaction channels.

Mike: Automation has been a game-changer in terms of data security. Manual processes were standard in the early stages of automation, and data leaks were a significant concern. However, as automation has advanced, we’ve seen a substantial reduction in manual processes, leading to more secure and effective data management.

This evolution has allowed us to fulfill our contractual obligations to our clients in the airline industry by safeguarding their data more efficiently. The collaboration between operations and BPOs is critical in this regard, as it ensures the implementation of robust data protection methods.

Our focus is, and will always be, on enhancing data security while maintaining the fluidity and effectiveness of customer personalization and enhanced CX services for travel and hospitality brands.

Contact Us

Drop us a line, and let's see what we can do for you!

Contact Form

Japan

HEAD OFFICE

Kanto Head Office

Odakyu Southern Tower 16F 2-2-1 Yoyogi, Shibuya-ku, Tokyo 151-8583

*with our parent company, Relia

BRANCH OFFICE

Hokkaido Branch

Sapporo Sosei Square 1-6 Kita-Ichijo Nishi, Chuo-ku, Sapporo-shi, Hokkaido 060-0001

*with our parent company, Relia

 

Tohoku Branch

Sendai Honcho Bldg 2-3-10 Honcho, Aoba-ku, Sendai-shi, Miyagi2-3-10 Honcho, Aoba-ku, Sendai-shi, Miyagi 980-0014

*with our parent company, Relia

 

Chubu Branch

Nagoya Lucent Tower 6-1 Ushijima-cho, Nishi-ku, Nagoya-shi, Aichi 451-6007

*with our parent company, Relia

Kansai Branch

Harvis ENT Office Tower 2-2-22 Umeda, Kita-ku, Osaka-shi, Osaka-shi, Osaka 530-0001

*with our parent company, Relia

Chugoku & Shikoku Branch

Hiroshima Diamond Bldg 7-19 Hondori, Naka-ku, Hiroshima-shi, Hiroshima 730-0035

*with our parent company, Relia

Kyushu Branch

Tenjin Twin Bldg 1-6-8 Tenjin, Chuo-ku, Fukuoka-shi, Fukuoka 810-0001

*with our parent company, Relia

Okinawa Branch

Naha Shintoshin Media Bldg East 1-3-31 Omoromachi, Naha-shi, Okinawa 900-0006

*with our parent company, Relia

OPERATION CENTER

Sapporo Center

ORE Sapporo Bldg 1-1-7 Kitanijo Nishi, Chuo-ku, Sapporo-shi, Hokkaido 060-0002

*with our parent company, Relia

 

Sapporo-Kita Center

Sapporo Kita Bldg 2-8-1 Kita-Shichijo Nishi, Kita-ku, Sapporo-shi, Hokkaido 060-0807

 

 

Sapporo Mega Center

Maruit Sapporo Bldg 1-1 Kita Nijo Nishi, Chuo-ku, Sapporo-shi, Hokkaido 060-0002

 

Sapporo IT Front Center

Sapporo IT Front Bldg 15-28-196 Kita-kujo Nishi, Chuo-ku, Sapporo-shi, Hokkaido 060-0009

China

DALIAN

Room 502, Building 23, Dalian Software Park, No. 40 Software Park East Road, Dalian High-tech Park, Liaoning Province

*with our parent company, Relia

Thailand

BANGKOK

3rd Floor, Siripinyo Bldg, 475 Sri-Ayudthaya Rd, Thanon Phayathai, Rajthevee, Bangkok, 10400 Thailand

*with our parent company, Relia

Vietnam

HANOI

Floor 10, Detech II building, 107 Nguyen Phong Sac Street, Dich Vong Hau Ward, Cau Giay District, Ha Noi, Viet Nam

*with our parent company, Relia

HO CHI MINH

222-226 Hoang Hoa Tham, Ward 12, Tan Binh District, HCMC, Vietnam

*with our parent company, Relia

Philippines

PASIG CITY

Robinsons Cyberscape Alpha

5F Robinsons Cyberscape Alpha
Sapphire and Garnet Roads
Ortigas Center, Pasig City 1600
Metro Manila

Robinsons Cyberscape Beta

23F Robinsons Cyberscape Beta, Topaz and Ruby Roads, Ortigas Center, Pasig, Metro Manila

MAKATI CITY

Global Headquarters

6F LV Locsin Building
6752 Ayala corner Makati Avenues
Makati City 1200
Metro Manila

 

Insular Life Building

Ayala cor. Paseo de Roxas Avenues
Makati City 1209
Metro Manila

 

QUEZON CITY

Mega One Building
España Boulevard corner Mayon Street
Quezon City 4329
Metro Manila

 

Jackman Plaza Muñoz
4th Floor, 1038 Epifanio de los Santos Ave, Bago Bantay, Quezon City 1105, Metro Manila

MANDALUYONG CITY

Mandaluyong

418 Domingo Guevara corner Arayat Streets,
Mandaluyong City 1550
Metro Manila

ILOILO CITY

Molo

2F Iloilo Supermart Building,
San Jose corner Avanceña Streets,
Molo, Iloilo City 5000

DUMAGUETE CITY

LP Information Technology Park
Jose Romero Sr. Street, Bagacay
Dumaguete City, Negros Oriental 6200

Australia

SYDNEY

Suite 3, Level 27

Governor Macquarie Tower
1 Farrer Place
Sydney NSW 2000 Australia

Romania

BUCHAREST

Headquarters

3 Avrig Street, First Floor, District 2, 021571 Bucharest, Romania

*with our partner, Global Remote Services

PIATRA NEAMT

Office

11 Republicii Boulevard,
610005 Piatra Neamt, Neamt County

*with our partner, Global Remote Services

SUCEAVA

Office

Str. Narciselor, nr. 33, Suceava, Jud. Suceava

*with our partner, Global Remote Services

Nicaragua

MANAGUA

Invercasa

Centro Financiero Invercasa Torre 2,
4to Piso, Managua

Cobirsa

2nd floor, Edificio Cobirsa I, KM 6 1/2 Carretera A Masaya, Plaza Santo Domingo, Managua

 

United States

COEUR D’ALENE

Coeur d’Alene

Silver Lake Mall,
200 W Hanley Avenue,
Coeur d’Alene, ID 83815

Send Us a Message

Learn how we helped 100 top brands gain success