Recent high-profile data breach cases that impacted some of the biggest players in the hospitality world have brought the issue of data security home to the meetings and events industry.
Even if you are extremely diligent in protecting your organization’s data—and thus those of your attendees, sponsors, vendors and others—you’re only as safe as the weakest link in your data chain. Do you know how secure your third-party partners are?
Following are 10 data protection tips that, while no measure is ever 100% secure, will at least get you and your organization thinking about the security of your data and that of your partners and clients in a very insecure time.
1. Master Your Data Universe
Make sure you know what data you hold, where it is and with whom you are sharing it. You should produce a data flow map and review and update it on a regular basis. This applies to both B2B and B2C organizations.
2. Risk Assessment Adventure
Make sure you understand where risks could arise, and what level of risk you are prepared to run. Document your decisions around your level of risk appetite.
3. Policies and Procedures Blueprint
Ensure you have all the legally required policies and processes in place and that they are reviewed and updated regularly.
4. Busting Overconfidence Myths
Do not assume that your organization is unlikely to attract attention from the regulator, from threat actors who want to “attack” you, or from customers who want to know what you are doing with their personal data. All organizations should operate with appropriate data protection and cybersecurity protocols.
5. Third-Party Supply Chain Shield
Check with all organizations or individuals with whom you interact, share data or collect data to ensure that they have the right security protocols in place. This can be done via a “security questionnaire” that you require them to complete.
6. Data Sharing Strategy
Make sure you have a suitable data sharing agreement in place if you are sharing your data with any other organization, such as a sponsor and/or a supplier.
7. Cross-Border Compliance Navigator
If you are operating in more than one state and/or more than one country, or have clients, sponsors or suppliers in more than one country or state, make sure you are operating within the appropriate data protection laws.
8. EU/UK Representation
If you are operating in the EU and UK, do not have a legal entity there, and have members, customers or clients there, you may need a representative in those regions who acts on your behalf in data privacy matters when dealing with regulators and/or customers who are resident there.
9. WISP Compliance Check
The Written Information Security Program is a legally required document in many states. Make sure you have this document in place; it is a publicly available statement demonstrating that you have the correct data protection policies and procedures in place.
10. Comprehensive Data Protection Training
Ensure that all staff (including the board and senior management) are regularly trained and understand their obligations under the data protection laws that apply to their daily work.