NBTA Updates Procedures After Revealing Some Members' Web Site Passwords

The National Business Travel Association is altering certain communication procedures after accidentally sending to 52 members an email containing renewal notices for more than 100 members, including their user ID numbers and passwords for NBTA's Web site.
Wednesday's miscue, which the organization blamed on human error, was remedied within an hour, according to a spokeswoman. NBTA sent new emails including only information related to the recipient with passwords that--like the originals--are constructed using the members' first and last names.
"NBTA takes member privacy very seriously, and our privacy and security policies are continually under review and enhanced," according to a statement. After the mistaken email went out, "all information was reset and involved parties were notified. No privacy breach of the system occurred, and no personal information or data was compromised. A new policy is being implemented to ensure that this kind of human error does not happen again, and we regret any inconvenience this may have caused."
NBTA's Web site does not reveal credit card details or other information that is any more personal that what's already in the Member Directory, which is available to all members.
Two members contacted by The Beat were perturbed by the misstep. "There's so much concern out there about [data] security, for some this will be a true negative," said one travel manager. "I still don't pay my bills online."
"It's a problem and a shame," said Corporate Solutions Group Partner Robert Langsfeld. "Is it credit cards or PNRs? No. But this isn't information that should be out there. I shouldn't know these passwords."