For Your Eyes Only: Keeping Information Confidential

Even before the Facebook data scandal occurred earlier this year, we all have known how vital it is to protect clients’ personal and financial information. But it’s a good idea to remind ourselves from time to time about important practices we must incorporate every day.

Maintaining client confidentiality is crucial because it builds trust between travel professionals and their clients. And when clients trust their agents, they are more willing to share important and necessary information, making it easier for travel professionals to do their jobs effectively.

Travel counselors, clients, and suppliers all have an ethical obligation to respect confidential information. An advisor should not disclose information gained from a client to anyone except others in the industry who need it to provide services. (By requesting your services, the client has given implied approval for these disclosures.) Clients’ travel plans should not be discussed outside the office, and information about their plans should not be given over the telephone to anyone except the client. Particular care should be taken with voicemails and all other telephone messages. Details concerning confidential information should not be left in a message or other recording because someone other than the client may have access to messages. Leaving your name and contact information should be sufficient to encourage the client to call you back.

In addition, travel professionals should never discuss with the public the cost of travel benefits received from suppliers, and supplier representatives should treat information about travel counselors as confidential.

Additionally, credit card information must be handled with special care and in compliance with the Payment Card Industry Security Standards Council (PCI SSC) standards. If you keep information on your computer, PCI security standards require it to be on a safe, encrypted server. If you absolutely must keep a paper copy of credit card information, it must be in a locked drawer. However, the better practice is to shred the paper upon completion of the transaction. The PCI SSC warns that clients and agents should never send credit card information via email. And you must advise your clients to never email financial or other confidential information to you but to phone you instead. More information on keeping your systems secure can be found on the PCI SSC’s website at pcisecuritystandards.org.

But it’s not just credit card, financial, and banking data that should be locked up. Other information to safeguard for clients and their family, guardians, friends, partners, emergency contacts, employees, and travel companions include:

• Personal information (name, gender they identify with, address, date of birth, age, social security number)
• Identifying information needed for travel (numbers for passports, known traveler identification, TSA pre-check, global entry, driver’s license)
• Medical, personal care and special needs information and any related medical histories
• Travel itineraries and other travel documents
• Correspondence, messages, and other communication with clients
• Information regarding religion, political preference, race or ethnicity, sexual preference or lifestyle, and any other protected information
• Anything your clients consider confidential and non-disclosable

Here are more tips on keeping client information confidential:

Never discuss client information in any public location where you can be overheard, including a hallway at your workplace, in Starbucks, or on a phone at your child’s soccer practice.

When not in use, always keep client information in a locked and secured location in your office. Shred documents when you are finished with them.

Never leave information visible on your laptop screen when you are not at your desk.

Never leave documents unattended at fax machines, copiers, on your desk, or in any other location where they might be seen by others.

Always use caution when sending information over the internet. Don’t respond to unsecured or suspicious emails or visit suspicious websites.

Never share your passwords. This not only is bad practice; it typically violates most companies’ policies because of a risk of data breach.

If you don’t have a cell phone designated exclusively for business, always be diligent in deleting text messages, emails, voicemails, etc. to prevent others from seeing them on your personal phone.

Before posting on your website or on any social media page, always seek permission and obtain waivers from clients and everyone else who appear in your photos and videos. This is especially important when children may be visible.

The bottom line is that it’s critical to take your ethical obligations seriously in protecting your client every day. Using your common sense and good judgment will go a long way toward keeping your clients safe.

Today’s Hot Tip Tuesday was based on information in The Travel Institute’s Certified Travel Associate (CTA) course.