The 2018 IATA Global Passenger Survey (GPS) reveals that passengers are significantly less willing to share personal data in exchange for personalized services.

The study, based on more than 10,000 passenger responses, was published during its recent Global Airport and Passenger Symposium (GAPS) in Athens.

Only 65% of participants surveyed said they were comfortable sharing additional personal information (such as the address of their destination, their purpose of travel, or a picture) to simplify their journey through the airport, compared to 70% of respondents last year.

The results follow a number of high-profile data breaches in the travel sector and beyond. There was also the public backlash following the manipulation of user data by Cambridge Analytica which  helped spread disinformation on Facebook.

Trust is not likely to recuperate quickly. At the end of September, Facebook announced a data breach compromising the personal information of 50 million users, including Mark Zuckerberg and Sheryl Sandberg. This week Google announced that it would shut down its Google+ social media platform after failing to disclose a data breach on its API that may have exposed 500,000 users.

These events, when occurring in a cascade of news as they have been of late, can shake consumer confidence in how well companies gather and store their data.

A drop of five percentage points in consumer confidence when it comes to how airlines and airports  manage their information is notable, but it doesn’t take away from the fact that the majority of respondents still wanted to benefit from personalization.

Other results from the GPS survey suggest that consumers want the benefits of personalized services even if they are uncertain about data sharing.

For example, GPS respondents said that they do want to be notified of flight status (82%) and the status of their bags (49%) as well as the wait time at security/border control (46%). As many as a quarter of all respondents said they would like to have offers related to their destination and 19% said they would want airlines to make them offers for services that they could purchase during their trip. An increasing number of passengers said that they prefer to receive notifications via the airline app.

Consumers also said they would want personal services to manage disruption that include automatic flight re-booking and re-issuance of boarding passes (46%).

Furthermore, 51% of survey respondents said they would like to have their bag delivered directly to their final destination rather than collect it at baggage claim, if they could track the bag throughout the journey.

This is not the first time that we have seen a disconnect between passengers wanting the benefits of data-enabled personalization without having to share the data. A survey of over 2,000 British travelers, conducted by YouGov for Pegasystems, revealed that 73% of consumers would not be willing to give airlines more personal data for personalized services, while 43% wanted airlines to remember their personal interests and preferences when they travel.

One can conclude that least 16% of British travelers don’t have any idea how any of this works. But they are probably not alone.

The attraction of digital interfaces is that they are simple and quickly become habit forming. Consumers may embrace these platforms and only really think about the data implications when the headlines remind them. It’s a similar dynamic with the illusion of anonymity online that some exploit, others take for granted and none possess. For companies, this data disconnect may prove problematic.

If the testimony of Mark Zuckerberg before the US Senate this April showed us anything, it is that lawmakers may also be clueless about the workings of the digital realm. But that won’t stop them from making laws.

The best companies can do is to have sound security practices in place to protect consumer data, and to own up right away when something goes wrong. British Airways did so recently, for example, taking a PR hit for its data breach but also reaching out to customers immediately to make amends.

Heathrow recently learned the costs of lax security practices. In its case, a £120,000 fine from the Information Commissioner’s Office for the incident of a lost USB containng sensitive data which was found by a member of the public. Perhaps the most damning finding from the ICO in this case wasn’t the loss of the USB itself, but rather the lack of sound security training.

Steve Eckersley, ICO director of investigations, told the BBC: “Data protection should have been high on Heathrow’s agenda. But our investigation found a catalogue of shortcomings in corporate standards, training and vision that indicated otherwise.”

The ICO found that only 2% of the airport’s 6,500 employees have had any training on data protection.

One might expect that this training would not apply to some airport functions, but a much larger share than that 2% of airport employees handle passenger information in one form or another, from personal identification to travel records to payment data. The world’s second busiest airport in terms of international passengers should be embarassed that it has has such a lax attitude to training its staff about data protection.