It’s one of the event industry’s biggest weaknesses: a lack of data security policies and procedures as well as how to implement them. Event marketers constantly collect personal information from attendees, but, the truth is, most aren’t up to date on how to use it, when to share it and how to safeguard it. As marketers across the globe prepare for the enforcement of the European Union’s General Data Privacy Regulation (GDPR), it’s time to get up to speed on best practices surrounding data security. Here’s a top line look at what event marketers need to know.
Email is an Easy Target
It sounds like a data security no-brainer, but, top priority is to know exactly what information is included in all event-related email communications. Think about it this way: don’t include any information in an email that you wouldn’t write on the back of a post card. Hackers are proficient at exploiting cyber security vulnerabilities. Personal attendee information is an easy target. For instance, when confirming registration details with attendees never include all of their details in the body of the email. Instead, offer a personalized link directly to your event’s registration page. Encrypting emails is another efficient way to safeguard attendee data, but it can be tedious and time consuming. At the very least, carefully consider content, the amount of personal data and smart, safe data options in event-related email communications.
Don’t Collect What You Don’t Need
As personalization becomes an increasingly effective way to reach attendees, it’s tempting to collect as much information about them as possible. But fact is, more valuable information is a bigger data target—so don’t collect data for data’s sake. Gather only what you need to know about your attendees to deliver a memorable experience and forget the rest. As for the information you do collect, consider adding multiple layers of identification to keep hackers from simulating users. To that end, avoid using sensitive data like social security numbers. Opt instead for login IDs and passwords.
Give Attendees a Choice
It’s absolutely critical to make attendees aware when their personal data is shared as well as the kinds of data that are shared, particularly under GDPR. When collecting attendee data, ensure they actively choose to share. Many organizations require attendees to opt out of a program if they aren’t willing to share, but, that’s somewhat deceptive. Instead, implement an opt in process that requires attendees to definitively choose to engage with your brand—then everybody wins!
Ensure All Parties are Compliant
It takes a village to pull off a well-executed event. Just because your team understands and implements data security measures doesn’t necessarily mean your partners do. It’s imperative to push regulations down your event’s chain of command.
Scott Sheppard, CTO of MoZeus, puts it this way, “There are too many players that are part of the conversation, from the brand to the agency to the technology company. We run into so many brands that have some sort of data governance or information security management system, but those properties aren’t enforced by the agency, so the agencies aren’t forcing that onto the technology providers.”
Here’s the bottom line: compared to professionals in other industries, event marketers are well behind in understanding and adhering to data security regulations. And as marketers know all too well, it only takes one mistake to shatter a company’s reputation (look no further than the Facebook/Cambridge Analytica scandal for proof). Data security is not the sexiest topic, but it can no longer be ignored. So, educate your staff and motivate industry colleagues to step up their game!
Check out events designed and produced by Sparks.