The European Union’s new General Data Protection Regulation (GDPR), which goes into effect next month, combined with Facebook CEO Mark Zuckerberg’s testimony last week, certainly has meeting planners rethinking their own data security plans.
While data can help events organizations create more engagement and personalization, it can also be the downfall of that same organization if used incorrectly and a breach happens. Here are four strategies for planners who need to start thinking more seriously about data security.
Learn the Basics
As technology rapidly evolves, it’s hard to keep up with the times. (Just check out some of the confusion from Congress during Zuckerberg’s testimony.) So, the first thing planners should do is learn the definition of personal data. While that definition varies depending on regulation, the Federal Trade Commission considers any information that can reasonably be used to contact or distinguish a person as personal data. That includes an IP address, health records and bank account numbers, aka a lot of info in your event org’s possession if it’s been collecting data for a while.
Set Standards & Regulate Them
Read up on tech regulations or specific information security management systems to come up with data security standards that best apply to the records your organization possesses. Then, have an IT partner confirm those standards and agree to help you implement them. Once implemented, make sure everyone on staff and any vendors who have access to the information understand and conform to the standards. It can take just one irresponsible move for a breach to happen.
Go Beyond Encryption
So, you have the data and it’s encrypted (or converted into unreadable code), but that’s just the first step that needs to be regulated. Make sure you think about how the data is being shared between your events team, the vendors and your technology partners. If that process isn’t also secure, then the encryption could easily lose its value.
Treat Data the Same
Because the definition of personal data is broad, it’s a good rule of thumb to treat data equally. Even the data you collect at a photo booth, say an email address to send the photos back to the attendee, can be misused and hacked, so remember to have the same security standards and regulations in place for all data.