Given the mistakes made by Going Places’ Market Street, Manchester branch in handling its customers’ data, it is clear that not all agents are familiar with data protection laws and how to apply to them.
Nearly all organisations recording and storing personal data must comply with the Data Protection Act 1998. To conform to the law, you must notify the Information Commissioner that you are processing information.
Many people assume ‘data’ is only information stored on computers, but the law also applies to paper forms, print-outs and handwritten notes.
Independent agents may want to take this opportunity to refresh their knowledge of data protection law. And while this responsibility falls at a company level with most multiples, it will do no harm for branch staff to brush up on corporate policy.
Information Commission tips
The Information Commission is the Government body responsible for data protection. Here are its top tips for travel agents:
- Appoint a member of staff to take responsibility for data protection practices.
- Provide Data Protection Act training for all staff to ensure they are fully aware and understand their responsibilities under the act.
- Agents often need access to sensitive information about individuals, such as information about customers’ disabilities or special needs. Staff need to be aware that information of this nature should be handled with extra care.
- Provide staff with individual user names and passwords when logging in to company IT systems.
- Encrypt sensitive information stored on laptops before allowing them to leave company premises.
- Dispose of personal information securely, for example by shredding sensitive documents.
- Ensure computer hard drives are cleared before disposing of computers.
- Conduct regular internal audits of information systems to ensure compliance with the act.
Access to information
- Store documents containing personal information securely and ensure these documents can only be accessed by members of staff when it is relevant to their role.
- When you take group bookings, make sure you are clear with customers. For example, when speaking to them and in your written booking conditions and procedures, explain which members of the group can amend the booking and obtain information about it. Make sure staff are aware of these procedures when dealing with enquiries.
In March this year, ABTA published guidance to help its members comply with data protection laws.
An ABTA spokesman said agents do not normally discuss data protection law during a sale, but they should clearly display their policy in shops and on websites.
ABTA has sent out A4 posters for members to display in stores, and cards for desks. “It says the company takes full responsibility for data protection and that information can be passed on to suppliers,” said a spokesman.