ENTER2020 eTourism Conference presentation

1. 1
Enter2020
Panel: Privacy & Cybersecurity

2. 2
About Carnival
9 cruise lines
104 ships
237,000 lower berths
12.5M passengers carried
700 ports visited around the world
21 new ships scheduled to be delivered through 2025

3. 3
Threeof my largerPrivSec headaches
1. Rapidly changing regulatory environments
How to remain compliant
The effect of multiple applicable national laws
2. Data proliferation
Purpose of collection
Nature of data (operational, marketing, medical, criminal etc.)
Processing across international borders
Minimisation and risk-reduction
3. Human error?
Privacy-led culture
Root causes
Proactive vs reactive approaches

4. 4
Theregulatoryand legal environment
On a typical day, we have to take into account:
EU General Data Protection Regulation
Data
Protection
Code
BDSG
UK
Data
Protection
Act 2018
India
Data
Protection
Act 2019
USA
CA CCPA
ME LD946
NV Chap. 603
India
Cyber
Security Act
And all other EU Member States
Canada
7 Provincial
Privacy Laws
Plus many,
many others
Canada
Privacy Act
PIPEDA

5. 5
Dataproliferation
Often unhealthy tension between operational
and analytics needs
Our Insights teams say more data gives better
insight… so all data is collected “just in case”
Q: At what point does “for improving our
services” cease to be credible as a purpose
for retaining data?
Replicated across multiple systems, including
foreign-hosted cloud services
Risk reduction is our primary goal
Q: When do I go on holiday?
Mosaic Group Name Country Living
Mosaic Type Name Rural Vogue
Booking Propensity Model Class High
Fare Type Model Class Select Fare
Lead Time Model Class 0 to 3 Months
Lead Time Second Model Class Over 12 Months
Ship Model Class Ventura
Ship Second Model Class Britannia
Cabin Inside Model Class Low
Cabin Outside Model Class Low
Cabin Balcony Model Class Medium
Cabin Suite Model Class High
Trade Atlantic Islands Or Coast Model ClassHigh
Trade Baltic Model Class Low
Trade Norway Fjords Model Class Medium
“Number 5 need more input!”
Customer propensity model
(partial) of a VIP customer

6. 6
Humanerror?
Privacy-supporting culture is vital – no blame!
We investigate and classify root cause in three
high-level categories:
Human error
“I misheard their email address on the phone”
Human error controls could have prevented
“I wrote the wrong address on the envelope”
“We linked incorrect holidays” (back-to-back)
System error
“Accented characters are ignored”
Both proactive and reactive approaches
essential – light-touch Problem Management
0
5
10
15
20
25
30
35
Incidentvolume
Incident, near miss and identified opportunity by month
New Inc Closed Inc Open at EOM
Nature of incidents reported 2018-2019
Human error System error

7. 7
Thankyou!
Any questions?
