With many business events facing the possibility of protests, corporate espionage and other malfeasance on site, meeting planners know that the need for VIP and other security measures is greater than ever.
However, many procurement and venue-sourcing specialists as well as planners unknowingly expose VIPs, keynote speakers, other high-profile participants—and even the company itself—to security risk when they use AI during the event-planning process.
For instance, a sourcing manager or planner might upload a dense hotel contract into AI looking for clarity on costs and terms written into the fine print, even though most AI models will retain that uploaded data.
In fact, AI’s consumer models are the worst offenders in this, but even the higher-cost AI platforms can leak private company data and personally identifiable information (PII) because the data is typically retained for 30 days with enterprise accounts.
Some industries are a few steps ahead of the event-planning field in handling AI data-security risks. Many companies ban the upload of company documents or information to AI altogether. Others contract with firms that offer data lockers and other methods for securing data when a document is used in an AI platform.
Large companies often have the financial resources to place a customized AI model on their own servers to run internal documents. Alternatively, they use massive numbers of AI tokens or have a specific use-case, such as in the healthcare field, which are typically granted a “zero data retention” allowance by AI providers as a professional courtesy.
Unfortunately, most companies, event planners and venue-sourcing brokers don’t qualify for this courtesy.
Also, keep in mind that beyond the big AI platforms (ChatGPT, Claude, Google Gemini, Microsoft Copilot, Perplexity AI, etc.), there are many event-supplier websites that use AI chatbots—and those chatbots surely could save whatever data they are fed.
One Possible Approach
When it comes to data security while using AI, then, the method that’s quickest and most effective is for a planner to scrub all PII from contracts and other documents that will be run through an AI platform, followed by using a secure, AI-guided redaction program such as Justee or EventNation to ensure there were no oversights across all those documents. Justee is specifically a PII-detection platform; EventNation does this but also conducts the analysis of event-contract clauses, terms and fees to find any anomalies that planners should address with the supplier.
The backdoor security risk that event planners take on when they upload hotel contracts to AI is not recognized widely enough. In short, there’s no reason for AI to have the company or participant names, contact information or travel-itinerary information in order to complete the task of finding unusual terms, clause anomalies and other financial risks in the fine print of an event contract.
Zach Rattner of Yembo, a tech company that redacts locations and human faces from insurance videos of residential properties, offered the following perspective:
“The ‘principle of least privilege’ is a security concept that gives the minimum amount of access to whatever person or entity is doing the work to get a specific task done.
“For instance, if I am a company employee, I don't need administrator rights on my PC,” he added. “So, applying this same principle to AI tools makes sense. If you remove names, phone numbers, email addresses and physical addresses, you won't have to worry whether that data will be leaked by AI.”
When an event professional is staring at a long hotel contract to try and find whether the hotel buried various terms and fees, AI is a lifesaver. The point is to simply be thoughtful about what is actually handed over to AI during that process.
Event planners already do this instinctively every time they guard a rooming list or keep a keynoter speaker's travel plans quiet. It's the same good habit, just directed at a new tool.
