With many business events facing the possibility of protests, corporate espionage and other malfeasance on site, meeting planners know that the need for VIP and other security measures is greater than ever.
However, many procurement and venue-sourcing specialists as well as planners unknowingly expose VIPs, keynote speakers, other high-profile participants—and even the company itself—to security risk when they use AI during the event-planning process.
For instance, a sourcing manager or planner might upload a dense hotel contract into AI looking for clarity on costs and terms written into the fine print, even though most AI models will retain that uploaded data.
In fact, AI’s consumer models are the worst offenders in this, but even the higher-cost AI platforms can leak private company data and personally identifiable information because the data is typically retained for 30 days with enterprise accounts.
Some industries are a few steps ahead of the event-planning field in handling AI data-security risks. Many companies ban the upload of company documents or information to AI altogether. Others contract with firms that offer data lockers and other methods for securing data when a document is used in an AI platform.
Larger companies that use massive numbers of AI tokens or have a specific use-case, such as in the healthcare field, are typically offered “zero data retention” by AI providers as a professional courtesy.
Unfortunately, most event planners and venue-sourcing brokers don’t qualify for this courtesy.
Also, keep in mind that besides the big AI platforms such as ChatGPT, Claude, Google Gemini, Microsoft Copilot and Perplexity AI, many corporate and retail websites use AI chatbots—and those could save whatever data they are fed.
The Right Approach
When it comes to AI data security, then, the method that’s most effective is meticulous redaction by a keen human eye.
The backdoor security risk that event planners take on when they upload hotel contracts to AI is not widely recognized, but is potentially massive. The solution is to never allow AI to see any private data from your hotel contracts. After all, there’s no reason for AI to have the company or participant names, or travel-itinerary information for a specific event, in order to complete the task of finding unusual terms, clause anomalies and other financial risks in the fine print of an event contract.
Zach Rattner of Yembo, a tech company that redacts locations and human faces from insurance videos of residential properties, agreed.
“There's no business value in AI having personally identifiable information. The ‘principle of least privilege’ is a security concept that gives the minimum amount of access to whatever person or entity is doing the work to get a specific task done.
“For instance, if I am a company employee, I don't need administrator rights on my PC,” he added. “So, applying this principle to the AI environment makes sense. If you remove names, phone numbers, email addresses, physical addresses and specific event-cost figures, you won't have to worry whether that data will be leaked by AI.”
When an event professional is staring at a long hotel contract to try and find whether the hotel buried various terms and fees, AI is a lifesaver. The point is to simply be thoughtful about what is actually handed over to AI during that process.
Event planners already do this instinctively every time they guard a rooming list or keep a keynoter's travel plans quiet. It's the same good habit, just directed at a new tool.
