In the rush to secure a good deal, travellers sometimes overlook the importance of protecting their personal information, says the writers.
Image: Meta AI
WITH the upcoming Easter break and school holidays approaching, many travellers are already securing flights, accommodation, and tour experiences. Online bookings tend to surge during this period as families and holidaymakers rush to confirm their plans before popular destinations fill up. While the convenience of online reservations has transformed how people travel, cybersecurity experts warn that the busy booking season is also when online scams and data breaches tend to increase.
In the rush to secure a good deal, travellers sometimes overlook the importance of protecting their personal information. Protection of personal information is not only a matter of personal responsibility but also a legal right. In South Africa, the Protection of Personal Information Act 4 of 2013 (Popia) provides a framework for how personal information must be collected, stored, and used, placing obligations on organisations to ensure that customer information is handled securely.
Personal information (PI) is any data that identifies you or can be used to contact or recognise you. This includes your name, email address, phone number, ID or passport details, payment information, and even travel preferences. In the context of online bookings, protecting your PI means being careful about what you share, who you share it with, and how it is stored, because once it’s out there, it can be misused if not properly safeguarded.
Booking a holiday should be exciting, not a gateway for identity theft! One of the safest ways to reduce risk is to book through reputable travel platforms or directly with established travel providers. Well-known booking platforms such as Booking.com, Expedia, and accommodation marketplaces like Airbnb generally have stronger security systems and encrypted payment gateways.
Travellers should also check the website address carefully. Secure sites usually begin with “https” and display a small padlock icon in the browser bar, indicating that information sent through the site is encrypted. If possible, type the website address directly into your browser instead of clicking on links from emails or ads, alternatively download verified apps for the above booking sites to add an extra layer of protection.
Be cautious of unbelievable deals. During peak booking periods, especially before holiday breaks, fraudulent websites often promote deals that appear too good to be true. A beachfront resort advertised at a fraction of its normal price might seem like the perfect last-minute bargain, but it could also be a trap designed to collect personal and financial information. Before confirming a booking, travellers should search for independent reviews, verify the accommodation on official tourism platforms, and check whether the business has a credible digital presence.
Share only what is necessary. Many booking platforms require basic information such as a name, email address, and payment details. However, travellers should be cautious if a site requests excessive personal data. Sensitive documents such as passport scans or identity numbers should only be shared through verified channels and often it is safer to provide these details directly to the hotel or tour operator upon arrival rather than online.
From a legal perspective, organisations are required to obtain consent to collect information that is necessary, relevant and for a specific purpose. If a platform requests unnecessary personal details, this may raise concerns about compliance with the Popia, and travellers are entitled to question how and why their data is being processed. Travellers should also remember that they are not powerless when it comes to their personal information. They can ask service providers how their data is stored, used, and protected, as well as how long it will be retained. A legitimate business should be able to provide clear and transparent answers, and hesitation or vague responses may be a warning sign.
Avoid booking over public Wi-Fi. Holidaymakers often make travel arrangements from airports, cafés, or hotels using public Wi-Fi networks. Unfortunately, these networks can be vulnerable to cyberattacks where hackers intercept transmitted data. Whenever possible, travellers should use mobile data, a secure private network, or a virtual private network (VPN) when making online bookings or payments. Turn off automatic Wi-Fi connections on your phone so you don’t unknowingly connect to unsafe networks.
Strengthen account security. Another simple but effective safeguard is the use of strong, unique passwords for travel accounts. Reusing passwords across multiple platforms increases the risk of several accounts being compromised if one site experiences a data breach. Many travel platforms now offer two-factor authentication, where users must confirm their login through a code sent to their phone or email. Enabling this extra step significantly improves security.
Watch out for suspicious messages. After booking a trip, travellers should monitor their confirmation emails carefully. Scammers sometimes impersonate hotels or travel providers and send convincing messages asking guests to “reconfirm” their payment details. If a message seems unusual, it is always best to contact the accommodation provider directly using the official contact details listed on their website rather than responding to the email. These types of scams often involve the unlawful processing of personal information. Under the POPIA, individuals have the right to protection against such misuse and may report breaches where their personal data has been compromised.
A smart traveller is a safe traveller. As families and holidaymakers prepare for the busy Easter and school holiday travel period, digital awareness is becoming just as important as packing passports and travel insurance. Taking a few moments to verify a website, secure a booking account, and protect personal information can make the difference between a relaxing holiday and a costly online scam.In today’s digital travel landscape, booking smart is simply part of travelling smart.
Mishka Singh: Law Academic Programme Leader - MANCOSA and Shireen Eraman: Tourism Academic Programme Leader - MANCOSA.
** The views expressed do not necessarily reflect the views of IOL or Independent Media.