Siemens Seeks Protection For Corporate Travel Data

Siemens Shared Services director of travel management Steven Schoen, alarmed at the extent to which his data is being sold to companies with which he does not even do business, is pursuing a solution with his preferred travel management and global distribution system companies to protect the privacy of employee travel patterns.

During the 2008 hotel request-for-proposals season, individual nonpreferred hoteliers contacted Siemens commodity specialists to ask about gaining more of their business, armed with the number of room nights Siemens booked in the hotels' zip codes. The hotel salespeople were using data purchased from hospitality business intelligence provider TravelClick's Hotelligence database. From the ARC designation and pseudo city codes representing the point of sale, the hoteliers were able to discern Siemens' local marketshare data.

Concerned by the loss of his company's data integrity, Schoen asked BCD Travel and Sabre to consider an unconventional solution: pooling Siemens travel data with other corporations' pseudo city codes and ARC information.

The move would further mask Siemens' corporate identity while neither upsetting BCD's travel management processes nor setting a roadblock for a valuable revenue stream for Sabre.

However, the proposed solution could create difficulties, as Siemens could lose some data accuracy and transparency, which could lead to trouble for travel management companies in reconciling hotel commission payments, increased GDS rate-loading efforts and negotiated rate piggybacking by other pool members.

"It's challenging enough today with the dedicated ARC and pseudo city codes for travel management companies to reconcile the whole hotel commission space," Schoen said. "If we start pooling it, it becomes that much more difficult."

Schoen also is pushing Sabre for further disclosure as to where his company's data is being sold and how it will ensure that travel patterns can't be used to analyze Siemens' broader business patterns.

Sabre Travel Network and Airline Solutions chief marketing officer Greg Webb said Sabre is transparent with its sales information.

Schoen has acknowledged that from what has been disclosed to him, the data is staying within the travel space. While selling Market Information Data Tapes that contain reservation information is legal as long as corporate identifiers are eliminated and individual traveler information is masked, Sabre restricts the use of that data solely to the "subscribing party," and it cannot be resold, Webb said.

The GDSs have said that they own the data, that they fulfill their legal data-privacy obligations and that MIDT sales generate a strong revenue stream. Airlines and hoteliers buy data directly from the GDS to measure market data and agency and corporate client marketshare agreements.

As for concerns that the masked data could be distinguished down to the level of a single corporation, Webb said it would take an "awful lot of work. There have been some mistakes made in the past in the way an agency may have a large number of pseudo city codes. In the past, there have been cases where agencies have in the naming of their pseudo city codes been given information that was recognizable to the airline as to the corporation that the pseudo was serving."

BCD Travel senior vice president of industry relations and global GDS Rose Stratford said, "A lot of it, unfortunately, is transparent because many of our clients do like to have dedicated ARCs or dedicated pseudos to be able to clearly identify their data, which makes it easier for reporting, hotel commission and pretty much provides total transparency. The problem is, once you have dedicated ARCs and dedicated pseudos it becomes pretty transparent to the vendor."

While data pooling is not a common practice, Stratford said, some smaller clients have opted for the pooling strategy. Global conglomerate Siemens, which had $170 million in U.S. booked air volume in 2007, would be one of its first large clients to do so.

"Some corporations are willing to do that and there some others that are not and they just weigh out the risk. It is an option and one that any travel management company can provide," said Stratford. "The question is whether the client is willing to give up some of the transparency that goes with having a dedicated ARC or dedicated pseudo city code."

Legality and common practice aside, Schoen said it should be the company's right to decide how its travel data is used and to whom it is being sold.

"For companies like mine that on an ongoing basis acquire or divest themselves of operating companies or who are working on huge commercial deals, if that data ends up in the wrong hands and with sophisticated software and algorithms, somebody can discern what's going on with a company by looking at their travel data, especially over time," Schoen said. "If you've got the history, and all of a sudden see a spike to a particular destination, you can start making some assumptions or doing some research to draw some conclusions. They shouldn't have that ability."

"I don't want to take a chance that anyone can slice and dice our data to gain business intelligence that is none of theirs to gather, especially through this supply chain," he said. "If everyone knows about it, lay it all out on the table."

Schoen said that by bringing attention to the "aircraft carrier-sized situation" and bucking conventional wisdom, the long-standing trend may change.

"I said to my executive management that we have a choice here," Schoen said. "We can resolve it for Siemens and make believe to the rest of the world that none of this ever happened, but my company and I believe we have a responsibility to the greater business community to make sure everyone knows what this practice is so they can determine how to deal with it within their own company."