Event Data Security: The 2018 Guide for Event Marketers

Event data security is one of the biggest event trends for 2018, and rightly so. In this guide event marketers will learn best practices and tips for managing their event data.

In today’s world, information is everywhere. The data revolution has forever changed the way consumers interact with companies and vice versa. And though there’s no denying the benefits of rich datasets, such as improved buying experiences and more targeted marketing campaigns, the cost of all of this accessible data is weighing heavy on businesses who collect it and customers who give it.

Consider how the dangers that come alongside mass data is becoming more prevalent. From the Equifax breach that affected 143 million consumers to the Uber hack that exposed personal data of 57 million users, it seems that no company is completely safe from the perils of mass information theft.

Despite these risks, event marketers and event organizers should not be deterred from embracing data-driven solutions. There are too many benefits that come with such solutions to choose not to engage with the data. This is especially true for the events industry as the space has become more tech savvy and digitally advanced. As an event marketer, staying informed of the latest data security best practices and completing all necessary steps will be enough for you to have peace of mind as you execute each step of your event marketing campaign, including event registrations and event engagement.

Learn more about data security in The Biggest Event Trends of 2018 ebook by clicking the button below.

Why is Event Data Security Important?

What makes the event industry value is simple: the people. The gathering of professionals who are willing to share knowledge through networking and presentations is the main value proposition of live events. And with a high concentration of people comes a high concentration of data.

Thus, all marketers and organizers who execute a live events strategy have a responsibility to properly manage and secure the data their attendees have entrusted them with. Failing to do so not only puts the event brand at risk but more importantly, the livelihood of their event attendees. For this reason, event data security should be considered a top priority for organizers.

This is not to say that data security should come off as overwhelming or beyond the scope of an event marketer’s expertise. On the contrary, data security is much simpler and straightforward than most are led to believe. Once the process is broken down to comprehensible, digestible pieces, setting up the proper defense processes and systems does not only seem doable but empowering. There is no better feeling than having complete confidence in your ability to execute an exceptional event while responsibly managing attendee data.

This blog post will dive into the ways in which an event marketer can best prepare against event data security threats as well as specific laws surrounding data management. From best practices to industry news, this guide strives to cover all you’ll need to know about event data security.

General Data Protection Regulation (GDPR) and Event Marketers

One sign that evinces the increasing significance of consumer data protection is the General Data Protection Regulation that was passed by the European Union Parliament in April 2016. The enforcement of the law will come into full effect on May 25, 2018.

The purpose of this policy is to ensure that all companies handle data through secure and transparent methods. Given the overflow of consumer data over the past few years, the EU understood that information could be handled irresponsibly if the right laws were not put in place. This latest regulation will strive to ensure consumer data safety while still giving companies the ability to benefit from the digital footprints they collect, as long as it is done so responsibly.

A large part of GDPR is its focus on receiving consumer consent. Companies will no longer be allowed to create privacy policies that are filled with legalese and unfamiliar terms, making it difficult to understand the exact contents of the contract. Instead, the law will ensure that companies use simple and plain wording to clearly convey their policies. Additionally, it must be just as easy for consumers to withdraw their consent as it is to give it.

While this regulation was passed by the EU, it is imperative to keep in mind that this applies to all companies who sell to, hire, or engage with EU citizens. In other words, GDPR is relevant to all companies who strive to achieve a global presence, which is essentially all major corporations. And because the business of live events is a global industry, GDPR is especially relevant to event professionals who leverage data in their event strategies.

While the full scope and legal implications of GDPR are beyond the scope of this particular blog post, there are a few basic steps that can be suggested to help you and your team better prepare for a year full of stricter data regulations. For in-depth details, make sure to visit the EU’s official GDPR website.

You can also learn about Bizzabo’s approach to GDPR.

5 Tips on Communicating Data/Privacy Policies

Many would agree that consumers have long been poorly informed in regards to their personal data because corporations have been more eager to leverage this information as opposed to educate consumers. Given the growth of recent data regulation (like GDPR) and consumer tech savviness, it now serves everyone’s best interest to clearly communicate data and privacy policy to the necessary stakeholders.

Being as transparent and as communicative as possible will ensure that your event brand remains strong and that solidifying your reputation as being an event that take the attendees’ interest to heart. Here are a few tips to help with maintaining data transparency and properly receiving consent from attendees.

• Opt-in Process
  Whenever you are in a position that requires information from the attendee, make sure that they are fully aware of the data they are sharing and that they must actively choose to offer their info. Some platforms are designed so that data collecting is the default and that users must actively choose to opt-out if they no longer want to use the service. This oftentimes leaves a bad taste in the user’s mouth as it feels sneakier than it should be. Make sure to make your data collection an opt-in process that requires active engagement on the side of the attendee. This way, both organizer and attendee are fully transparent right from the start.
  

• Understandable Language
  When it comes to legal rhetoric, it becomes very easy for one to get lost in the jargon or simply tune out the confusing language. In order to avoid this sentiment among your attendees and other event stakeholders, take the time to breakdown your basic data policy in a way that can be understood by the average person. Doing so will be much appreciated by attendees and help to establish your event brand as one that places attendees’ well-being as a high priority.
  

• Educate the Attendee Throughout
  If we are specifically talking about event registration platforms and the data collection that happens through this user interface, there will be many opportunities for educate attendees or prospective attendees right within the platform. Whether that be through pop-up windows that give in-depth explanations or info-boxes that appear when hovering over an icon, make your registration process as user-friendly as possible when it comes to educating people on your data policy. The same can be said about event apps. This small investment will pay off in a strengthening of your event brand and reputation.
  

• Overcommunicate Key Components of The Policy
  When it comes to something as valuable as personal data, there is no such thing as being too cautious or communicating too much. When there are key pieces of information that you know your attendees should know, be sure to re-emphasize this on multiple parts of the event website.
  

• Send a Detailed Email Summarizing Your Policy
  According to The Event Success Formula, email is one of the most effectives ways for marketers to communicate with their audiences. Attendees will appreciate if you create a separate email that summarizes, in layman’s terms, your data and privacy policies because they can then refer to this email on separate occasions. Thoroughly explicating the details of the policy and how attendees will be affected are great ways to build trust with your audience and let them know that you have their best interest at heart. This will do wonders for how people perceive your event brand.

Data security will surely be a significant topic to be debated upon not only within the events industry, but in the world at large. Given how the live events industry is by nature a global business, it only makes sense for event professionals to lead the charge in being responsible, accountable, and transparent with how they manage data across all platforms.

Learn more about getting the most out of your event data by downloading the Using Event Data for Good ebook.

8 Data Security Best Practices

The term “data security” can intimidate some people because of the term’s association with unpleasant news on hacking and the overall sentiment that one needs to be a tech whiz to properly secure that data. This should not be given any credibility. In reality, data security is a very intuitive, straightforward, and approachable process. By simply breaking down the process into different sections, an event marketer can easily secure their event data.

Here are 8 data security best practices:

• Regularly Change Your Password – The easiest and most important way to secure your event data is a simple task: regularly change your password. According to Verizon’s 2017 Data Breach Investigations Report, 80% of hacking-related breaches were the result of either stolen or weak/guessable passwords. Thus, it should be of chief importance to you to not only set a strong, unguessable password and to do so regularly, ideally once per quarter. This is by far one of the simplest and most effective solutions to securing your data.
• Educate Your Team  – Ironically enough, the strongest first line of defense for cyber security is people. Make sure that your entire team are properly educated on data security best practices and know the red flags the signal a possible breach. Having a process set up to recognize and communicate a possible breach could make all the difference in saving your event data.
• Encrypt Your Files – To add a layer of protection to your event data and files, make sure to encrypt all sensitive information. The idea of encryption is similar to putting additional locks on your data to make it harder for others to access. Most operating systems (Mac OS, Microsoft Windows) already have encryption capabilities built in so it’s just a matter of activating it within your computer. However, if you’d like to only encrypt certain files as opposed to your entire hard drive, using a tool like 7Zip comes in handy. 7Zip archives your files and then encrypts them, allowing you to send data over the Internet in an encrypted format.
• Backup Data – In the unfortunate case that your data does get compromised and the files are either stolen or corrupted, make sure to always have your data backed up onto a separate hard drive. This will ensure that although you’ve experienced a security breach, you still have your data on a separate location for you to access. Keep in mind that backing up data is as simple as uploading it onto an external hard drive.
• Establish Security Protocol – Just as you would have fire drills to make sure everyone knows what to do in case of an emergency, you should apply the same mindset to data breaches. Even if your team is small, it is still imperative that they know exactly what to do and who to communicate with in case of a real cybersecurity threat. Establish a set protocol and make sure to go over these processes every so often so that members do not forget the details.
• Share Data On a “Need-To-Know” Basis  – Though it is important for your team members to be properly informed on data security protocol, it is equally important to only share data with those who actually need it for their specific role. For example, their would be no need to share attendee registration data with team members who are in charge of catering (besides attendees’ food preferences). By sharing data only on a need-to-know basis, this minimizes the risk of accidental information leaks and ensures a more tightly secured knowledge base.
• Enable Two-Step Authentication – A lot of platforms that contain sensitive information, such as email providers and online bank accounts, offer the option of two-step verification when you sign in. This means that after you enter your password, the platform prompts you to enter another password or code, usually sent to you mobile device. This is a great additional line of defense against possible hackers. A two-step authentication process ensures that a hacker will need more than your password to access your information. So although it may be a tedious process, this will serve your best interest by locking down your data as tightly as possible.
• Set Devices to Lock Quickly – As a final step of securing your data, make sure you set all devices you use to access event data to lock relatively quickly. This will minimize the window of time in which someone can use your device without a password. Especially for devices you use to access your valuable event data, you will want to prevent any possibility from someone easily getting to that information in the case your device is stolen.
  

Data Security Compliance and Certifications

While the aforementioned best practices create the right mindset with which to address data security, you will need certain indicators that prove your event’s ability to secure attendee information. This proof of legitimacy is often described as certifications of compliances.

Below is a list of data security compliances and certifications the following list is by no means exhaustive, these are good starting points for considering the ways in which you’ll want your event to meet certain security standards:

1) PCI Compliance

If your event registration requires the purchasing of tickets, you will want to make sure the online purchasing process meets the PCI DSS, or Payment Card Industry Data Security Standard. As the PCI website describes, “This set of security standards are designed to ensure that all companies that accept, process, store, and transmit credit card information contain the data in a secure environment.”

There are multiple levels of PCI compliance and the levels depend on the number of credit card transactions that are processed per year. Unfortunately, each credit card brand has a different definition for each level. Visa defines their Level 3 as having between 20,000 and 1 million Visa transactions per year. American Express’s Level 3 compliance is defined as having less than 50,000 transactions per year.

For a breakdown of compliance levels by each credit card brand, click on the links below.

• Discover
• MasterCard
• Visa
• American Express
• JCB

In order to become PCI compliant, you will need to first determine your level of compliance. You’ll then need to complete the PCI DSS Self-Assessment Questionnaire to make sure your protocols are aligned with the requirements. You will then need to complete the relevant Attestation of Compliance that validates whether you have complied with all applicable steps. Finally, you will need to submit these two documents to your acquirer bank (bank that processes your credit card transactions) as well as the credit card brands that you plan to accept from attendees.

2) ISO 27001 Certification

Created by the International Organization of Standardization, the ISO 27001 is a specific security standard that refers to a company’s information security management system, or ISMS. An ISMS is the framework of policies and procedures that include all lega, physical, and technical controls involved in the company’s information risk management process. 

The ISO 27001 is the most widely-known security standard among the other ISO requirements. Its main differentiating factor is that this standard includes a very formal procedures surrounding corporate policies and emphasize the importance of “continuous improvement” of the security systems. The ISO 27001 specifies that companies must cover a self-evaluation process which judges and improves the suitability and adequacy of the company’s ISMS as well as its effectiveness.

In order to become ISO 27001 certified, there are two separate audit stages that the company must pass. Stage 1 audit consists of a thorough review of proper security documentation by the certification auditor. Stage 2 is when the auditor checks whether your company’s procedures are aligned with your documentation as well as the ISO 27001.

For more information on the ISO security standards, visit the official International Organization of Standardization website.

You should keep in mind that these certifications will not so much as apply to your specific event as they will to the event stack software you use. Thus, it is very important to make sure that your event stack solution has received these certifications as well any others that may elevate the level of security of your event data.

How Integrations Can Enhance Event Data Security

As an event marketer, keeping data in separate platforms can make for a frustratingly time-consuming process as you would have to manually enter in all information. Integrating your event stack with other key platforms makes for a much more efficient and intuitive process. This also results in deeper insights that otherwise would have been impossible to gather given the fragmented databases. A connected flow of information across platforms allows for a clearer understanding of event analytics and thus the ability to draw in-depth insights that help shape future event strategy.

Because event integrations results in richer and more valuable pieces of data, the desire to protect this data is even stronger than before. Luckily, having an integrated system actually enhances data security by cutting out the manual connections between platforms. This results in a reduced amount of information floating around in systems. Thus, integrations tighten and seal your data pipelines. 

Having an integrated platform also allows you to have much fewer passwords to use compared to storing your information in all different places. As we’ve already discussed, weak or stolen passwords is by far the most common way in which an individual’s personal information is compromised. By having significantly fewer passwords, or maybe even just one password to use, this makes up for the vulnerabilities that come along with having multiple passwords across multiple platforms. 

Wrapping Up: Laying a Secure Foundation

Event data security will only become more important in the coming years. Event marketers and the organizations that they work for will need to work towards increased event data transparency, compliance and security protocols. The earlier your organization lays down the foundation for a sound event data security strategy, the smoother the process will be.