Safe Travels: Prioritize Data Protection to Secure a Confident Customer Experience

July 28, 2022

Creating a delightful customer experience for travelers doesn’t always involve plush pillows and luxury linens, or boasting the latest in-flight flicks. Data security is most likely the last thing that comes to mind when one envisions extravagance, although it puts the peace in your customers’ peace of mind.  

Companies in the travel and hospitality industry must make data protection a priority in order to safeguard their own business and create a world-class CX for travelers.

Traveler data is at risk

Long gone is the era of booking your destinations with the family travel agent. Business travelers and vacationers globally resort to the world wide web when making travel arrangements — and that includes uploading personal information. This personal info goes beyond names, addresses, and birthdays to include passport numbers, credit card numbers, and — in the wake of the pandemic — health information like vaccination status or other medical details. 

The question is: Are businesses doing enough to keep sensitive customer data safe? 

Companies likely think so, until they find themselves the victim of a cyber incident. Over the past five years, EasyJet, Malaysia Airlines, British Airways, and Obitz all suffered breaches that put customer data in jeopardy, collectively affecting 10.5M+ everyday consumers across the globe. And while upscale hotels such as Marriott, MGM Resorts International, and the Ritz London promise a luxurious stay, they’ve all fallen victim to cyberattacks — exposing the data of their well-heeled guests. 

The consequences of data breaches 

Failing to properly secure customer data, at best, gives guests a headache, and, at worst, forces them to have to deal with stolen finances or identities. For companies, breaches can be quite costly. The UK’s data privacy watchdog Information Commissioner’s Office (ICO) fined British Airways £27.7m (~$35m) for failing to protect its customers’ data, and the hit to the company’s brand reputation is incalculable. The same agency also slapped Marriott with a £18.4m fine  (~$23m) for its data breach. 

Businesses found in violation of data security laws — such as the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) — can face millions in stiff penalties from regulating agencies, and become the subject of costly class-action lawsuits. And once the trust of customers has been broken, it can be difficult to repair, resulting in the loss of future business. 

Travel and hospitality brands must take all steps to ensure they are in compliance with government data security regulations. Doing so requires not only training staff on best security practices, but also implementing technology that’s engineered with guardrails to protect customer data — and here is where things can get tricky. 

The problem with free, online translators 

While you can take all the requisite precautions to ensure your company’s own website provides robust and compliant data security — have you considered third-party platforms you use during business operations? And if you’re an airline or hotel using a free, online translator while communicating with foreign guests, then you may be putting customer data at risk without even knowing it.    

Using online translators (e.g., Google Translate) could mean granting the company behind it permission to harvest information from translated texts, which they could use to sell targeted advertising. If a customer service agent quickly copies and pastes a message into an online translator, they could be transmitting sensitive contact, payment, or healthcare data, inadvertently violating government regulations such as HIPAA. 

Machine translation engineered with data security in mind

Unbabel is an AI-powered, human-refined, multilingual translator purpose-built for customer service. The machine translator can translate 29 languages and features localization capabilities to identify idioms, slang, and differentiate between the French spoken in Paris and the French spoken in Quebec. Human translators constantly refine the AI so that it’s always evolving, growing smarter and staying updated with the latest lingo. 

But apart from delivering exceptionally accurate translations, Unbabel was engineered for data security and compliance with government regulations including GDPR and CCPA. Here’s how: 

  • Pseudonymization: All content undergoes an automated pseudonymization process to remove sensitive data and then restore it before delivery. 

  • Redacting: Unbabel uses a tool called Eraser to automatically hide sensitive data from our human editor community, including email addresses, phone numbers, and credit card information. It redacts specified classes of personal information from messages before they enter our translation pipeline.

  • Access control: Access to Unbabel’s technology is encrypted and firewall protected. All access credentials are segregated by work-group areas, provided to staff on a need-to-know basis, and audited based on internal security heuristics.

  • Two-factor authentication: Access to administration applications is secured by 2FA on top of standard user account authentication.

  • Audits and external validation: Unbabel has established internal security policies to increase digital and physical penetration barriers, and we regularly contract third-party information security audits to ensure compliance with best practices and relevant regulations.

  • Encryption: Customer data is encrypted using industry-standard and up-to-date cryptographic mechanisms.

  • Compliance and Certifications: Unbabel is fully compliant with GDPR, CCPA, and is certified under the EU-US Privacy Shield. To enhance our data security posture even further, we comply with key standards such as ISO 27001 and PCI DSS implementation.

Outstanding CX starts with security 

Travelers looking to close a business deal or enjoy a much-needed vacation never want to return home to find that data they provided to an airline or hotel has been stolen by malicious actors. 

Forget lost luggage, nothing takes the joy out of traveling like being the victim of a data breach. To really put the ‘safe’ in ‘safe travels’, travel and hospitality companies must first ensure their guests’ data is protected before they can help deliver magical customer experiences and cherished holiday memories.

Learn more about the rigorous steps Unbabel takes to keep data secure.

About the Author

Profile Photo of Jonathan Sowler
Jonathan Sowler

Jonathan Sowler is the Vice President of Engineering, Customer Apps at Unbabel. Jonathan leads Unbabel’s R&D teams, with a sharpened focus on delivering the translation service into a broad range of use cases, from document translation to the translation of customer service conversations. Prior to Unbabel, Jonathan was a founder Chief Technology Officer at JCP, an internet security pioneer that was acquired by Sun Microsystems. Since then, Jonathan has built a strong track record as an engineering and product lead, delivering compelling products and providing engineering and delivery for companies at different stages of development, from startups to enterprise technology companies including Microsoft. Jonathan joined Unbabel in 2019 after working with machine learning and alternative data teams at a London hedge fund.