SportsTravel

Why Data Privacy Matters in Sports

Posted On: February 22, 2019 By : Amit Khanna

Whether fans are interested in football, baseball, NASCAR or major events like the Masters or the Olympics, they follow their teams or favorite athletes around the nation or even around the world. As a result, the sports-event industry ranks pretty high when it comes to the amount of personal data being exchanged en masse with third-party vendors.

Photograph: iStock Getty Images Plus

The General Data Protection Regulation (GDPR) came into effect in May 2018, a binding European Union legislative act that places greater obligations on how organizations in the United States handle EU citizens’ personal data. The dust from the introduction of the GDPR has not yet settled and now the sports-event industry must brace itself for the new California Consumer Privacy Act (CCPA) that takes effect in 2020. Driven by the continued rise in consumer data breaches and growing privacy concerns, the CCPA is a landmark policy comprising the most stringent data protection regime in the United States. And it is likely to force significant changes on organizations not already caught by the GDPR.

For most sports organizations, travel and events are a major component of a larger chain. This chain involves complex workflows where data originates, is transformed and pushed elsewhere. This means that the data doesn’t live in silos and can be quite pervasive. As a result, the impact of data privacy regulations affects your organization’s entire ecosystem and workflow.

The core of the CCPA consists of five new rights awarded to Californians:

The CCPA also contains less obvious rights embedded in the legislation, such as the right to data portability and the right for consumers to benefit from the sale or disclosure of their data to third parties.

Organizations anywhere in the world that receive personal data from California residents will be bound by new regulations if they (or their parent company or a subsidiary) meet just one of the following thresholds:

The law will significantly strengthen privacy in the United States when it goes into effect on January 1, 2020. And several other states are preparing to introduce their own sweeping consumer privacy laws, following in the footsteps of the GDPR and CCPA. If you’ve worked hard to comply with GDPR, you now have additional work to prepare for CCPA.

Your journey to comply with these privacy laws will go smoothly if you are operating in a well-architected software, maintain a process-driven environment and have an effective data governance program in place. Most of us aren’t operating in this ideal. Complying with the GDPR and/or CCPA is a business-wide challenge that takes time, tools, processes and expertise—and may require significant changes in your privacy and data management practices.

As a first step, you should learn about the new law, and work with a professional data privacy third party to interpret the new rules and monitor any changes. Then, do the following:

The GDPR and CCPA dimension goes beyond the sports-event industry. Data protection compliance is the “new normal,” and the way organizations respond to new rules and regulations can make or break customer relationships. With the GDPR and CCPA, customers hold all the cards when it comes to their personal information and companies must treat all consent relationships with the respect they deserve if they expect to maintain long-term trust.


FileOM is a data and privacy management consultancy that helps businesses meet compliance with data legislation, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Amit Khanna is CEO and co-founder of FileOM and maintains overall responsibility for business strategy, partnerships, and operations.

Posted in: Expert Advice, Perspectives


Copyright © 2024 by Northstar Travel Media LLC. All Rights Reserved. 301 Route 17 N, Suite 1150, Rutherford, NJ 07070 USA | Telephone: (201) 902-2000