Recent high-profile data breaches, including 100 million Sony Games users’ data being hacked and a pre-school being fined for posting parent information publicly, have highlighted the risk of inadequate data protection.
Customer data is precious, employee data too, yet how much rigour are brands applying to its protection? True event experts consider the risk of selecting certain destinations, carry out health and safety and environmental assessments, and compile contingency plans, but are they missing the obvious?
Later this year, updated data protection laws will incorporate stricter guidelines on the provision of data through a supply chain. This will cover the severity of the breach, taking into account the impact on the life of the person whose data was not protected. The Data Protection Act covers everything, from protection of data in systems, to the passing of information between suppliers, such as an agency to a hotel property. This also includes the simple mistake of leaving details on a registration desk.
With a penalty for negligence of £500,000 – a sum that the Information Commissioner can apply at his discretion to each party involved – can anyone afford not to be responsible?
Some sectors are better than others at prioritising data protection, but work needs to be done by all in the events space. Security of data is only as strong as the weakest link.
Clients should look hard into whether their supplier is independently audited and holds a Privacy Assurance Certificate. RFIs should request disclosure about how the supplier has invested in the protection of data (systems, process, training and so on) and how they manage supply chain data provision in the light of updated legislation. Where delegate payment is undertaken, only agencies with PCI DSS (Payment Card Industry Data Security Standard) compliance should be considered suitable partners, unless you want to be wide open to large fines. I know I don’t.
☛ Warren Hillier is director, commercial, risk and measurement at Grass Roots