Date
20 November 2018
The massive data breach at Cathay Pacific shows us the potential risk of  not having an adequate data management mechanism and capability. Photo: AFP
The massive data breach at Cathay Pacific shows us the potential risk of not having an adequate data management mechanism and capability. Photo: AFP

Data can be both a valuable asset and a huge liability

It’s widely known that customer data is a valuable asset in the digital era. But it’s also a double-edged sword: massive data could become a ticking time bomb if the company that owns it does not have proper data governance mechanism and capability.

As case in point is the massive data leak at Hong Kong’s flag carrier Cathay Pacific (00293.HK), which affected up to 9.4 million passengers.

Cathay is well aware of the business opportunities arising from big data. That could be part of the reason why the carrier has lowered the entry threshold for its Marco Polo Club, a frequent flyer loyalty program.

For example, to renew the green card membership, a passenger only needs to fly two round trips to Taipei, instead of 10 times previously. Also, the minimum age for joining the Marco Polo Club has been lowered to 12 from 18.

By expanding the program’s membership and thus its customer database, Cathay can better understand people’s consumption habits and have a better way to reach them, both of which have great value that can be monetized.

Most companies, however, have only seen the value of customer data, but may not fully understand the huge responsibility of protecting such data.

As big data specialist Herbert Chia said, in order to bring out the value of big data, one has to properly organize and analyze the data and define the parameters by which such data is shared internally or with third-party organizations.

During this process, the company must protect customer privacy and prevent data leakage, and that involves complex and sophisticated data governance.

Regulators worldwide have tightened regulation over data protection.

The European Union’s latest General Data Protection Regulation (GDPR), which took effect from May this year, is by far the most stringent.

The GDPR imposes stiff fines in cases of non-compliance. Companies could face fines of up to 20 million euros (US$22.8 million), or 4 percent of their worldwide annual revenue in the previous financial year, whichever is higher. 

It remains unclear whether the carrier has violated the GDPR. Given that Cathay has a global revenue of HK$97.3 billion last year, 4 percent would certainly be a huge amount.

This will give us an idea of how much is at stake.

This article appeared in the Hong Kong Economic Journal on Oct 29

Translation by Julie Zhu

[Chinese version 中文版]

– Contact us at [email protected]

RT/CG

Hong Kong Economic Journal columnist

EJI Weekly Newsletter

Please click here to unsubscribe