A guide to virtual event security data

Valuable personal information about attendees across physical, virtual and hybrid events are managed by event planners. This highlights the importance of personal data security and information protection measures. And as more and more aspects of events are being automated and managed through tech services and solutions, event managers need to be aware of the risks that come with these tools and what safety precautions can be taken to safeguard themselves and the valuable data they are responsible for.

4 Nov 2020

Photo by Kaitlyn Baker on Unsplash

Mike Lysko, founder and CEO of the Flock Eventing Platform, says: “Event managers are well aware of the safety regulations they must comply with for physical events and with Covid-19 drastically speeding up tech adoption in the industry it is time for event planners to be made aware of the virtual safety protocols that are fast becoming industry standard.”

These safety measures are extremely important, especially since the South African Protection of Personal Information Act (POPI) came into effect on 1 July this year. This leaves companies, big and small, with only a few months left till July 2021 to ensure that they are POPIA compliant.

“Event managers need to be aware that while the POPI act may not specifically apply to other countries almost every country has its own data protection and security policies in place.”

Online events are accessible by attendees around the world, which means as a responsible virtual event manager you need to be aware of at least the basic requirements of data collection policies in each region or you may find yourself in hot water down the line”, Lysko explains.

All about the POPI Act

The POPI act states that businesses who collect personal information may only collect information for specific relevant purposes and are responsible for keeping that information safe, ensuring the information they collect is relevant and up to date.

Below are seven factors to consider when processing information to ensure compliance with the POPI legislation:

Businesses must adhere to the POPI Act of information processing principals.
The processing of personal information must be done responsibly, and the processing procedures need to be reasonable in the eyes of the law.
Personal information may only be collected to perform a specific activity or function of the business involved.
Transparency: The information, the reason for collecting the information as well as the details of the person responsible for collecting the information and whether the collection of the information was voluntary or mandatory needs to be kept on record.
The business is responsible for the protection of the personal information it collects and stores and the integrity of the information under its control.
A person has the right to request access to their data for free and they may request the data be updated or destroyed if incorrect. Additionally, they may ask for the information to be deleted if it is no longer necessary for the business to store it.

Questions to ask yourself if you are collecting personal information

Because of these information processing considerations, it is essential that event managers ask themselves the following questions when hosting an event with online elements, to minimise your risk.

How is the Personal Information of attendees captured, stored and secured?
What happens to the data post-event?
How do you ensure live streams and webinars are kept safe?
How are online payments safe and the card details of attendees kept secure?
Are you using a secure connection, should you consider using a VPN?
Is the registration URL using a secure network (HTTPS) in other words do you have an active and up to date SSL certificate?
Do you have a strong internet connection to ensure no glitches or downtime for security software?
Have you sent attendees cyber safety security tips to ensure they do not share important information to safeguard your event from cyberattacks or data breaches?

“To minimise your risk, whether you are running a virtual event or an event with virtual elements, is to reduce the amount of data attendees’ hand over. Try to keep the collection of personal information to only the absolutely necessary details.

This lowers your risk by reducing the amount of information you are responsible for. Attendees will also be grateful as people have become acutely aware in recent years of the dangers of sharing private information and may frown upon what seems like unnecessary or intrusive questions and personal data collection efforts,” advises Lysko.

Important questions to ask your event tech provider:

The biggest data breaches globally and in South Africa have been as a result of third party systems being compromised. These third parties include business suppliers, vendors or clients who do not institute the relevant cybersecurity measure. As a result, it is imperative that you ask your event tech provider the right questions to protect yourself, your event and your attendees' personal information.

Are the integrations you use with your apps secure?
Do you have a two-factor verification function?
Have you ever had a security issue during an event?
If yes, what was done to prevent this from happening in the future?
What security features does your tech solution or software include?
How will we ensure that the data from attendees is POPI compliant?
What safety measures do you offer to protect content and IP when using your tech product or service?

Cyber and data security is not a new topic, but it is a relatively new area for event managers or those who pre-Covid, had never made use of virtual event elements or run an online event.

As more virtual events and technological elements make their way into the event industry it is essential for event managers to educate themselves about cybersecurity and stay up to date with data protection protocols.

“We may go back to a new kind of normal post-pandemic but event tech, its benefits and risks, is here to stay,” concludes Lysko.