When you enlist the help of a third party to manage your event marketing programs, you entrust with them not only the execution of the program and its engagements, but additionally the sensitive information of your customers and event attendees. One item that should always make the top of your checklist when planning for the activation is data security. Your customers trust your brand; that’s why they keep coming back. But with that trust comes the responsibility to ensure that your data collection partner is safely collecting, storing and utilizing users’ information. According to Eventsforce, in 2016 over 80% of event planners had data security as a top priority but only 40% were actually confident in their policies. On top of that, 33% admitted to sharing the password to their event management system with multiple people and only 20% of organizations changed their password more than once throughout the entire year. Quite an alarming reality, really. Make sure you are going through the necessary precautions in order to protect your sensitive data.
So how can you ensure your partner is complying with standards, auditing regularly, monitoring for irregular activity? Start by discussing their current security policies. Here are a few questions that can begin this discussion and hopefully open the door to more secure data collection:
- Does your company have a designated Privacy Official?
- What recognized security industry framework(s) are your written security policies, standards, and technical controls based on?
- What encryption technologies/standards are your systems compliant with for data transmission and for data storage?
- Does an industry-recognized, third-party assessor conduct your authenticated web application penetration tests?
- Does your company use a hosted Data Center service provider?
If you begin asking some of these questions but your data collection partner is either unsure or unaware of any of these crucial topics, this should raise a huge red flag. DO NOT, I repeat, DO NOT hand your customers’ personal data to an organization if they cannot verify that they are taking the steps for safer and more secure data collection and storage. Now, if you find that your current data collection partner has passed with flying colors after quizzing them on their policies, then you have little to worry about! There are, however, a few simple steps you can take in the future to mitigate additional security risks when activating at an event.
If you wish to also engage in preventative measures from a programmatic standpoint, feel free to incorporate some of the steps laid out for you below:
- Only ask for what you need: Sometimes it’s nice when you can collect fun tidbits that are nice to know about attendees but aim to get this information during post-event surveys. Reserve the activation for information you truly need.
- Integrate your platforms: The less places you need to store the data, the less susceptible it is to data breaches so if possible, integrate your registration platform with one you are already using!
- Be smart with your venue selection: Venues are equally as susceptible to data breaches so choose wisely when selecting a location for your activation.