Devin Cleary is the VP of Global Events at Bizzabo, the world's fastest-growing event technology platform for hybrid, virtual and in-person events. Devin is a passionate, results-driven event producer and marketing executive with experience leading the creation and active management of diverse experiential marketing programs for B2B, nonprofit and consumer markets. Devin was recognized as one of Connect Association’s “40 under 40” leaders in 2021. He was also featured in Event Marketer's 2017 "B2B Dream Team" and BostInno's "50 on Fire."
Understanding Data Compliance in the Events Industry
We create 2.5 quintillion bytes of data globally—every single day. In this digital age, data is currency, with stored data growing five times faster than the world economy. As information changes hands faster than ever, event organizers must prioritize data security and legal compliance.
Virtual and hybrid events became a mainstay in 2020. A key ingredient contributing to their growth? The vast amounts of available data. However, data security remains all about trust. Those attending a hybrid or virtual event expect their information will be protected. A data breach leaking sensitive data via malware, social engineering, criminal hacking or human error destroys trust, betrays partnerships and seriously damages reputations.
As the digital world continues evolving, event organizers will need to balance the benefits and risks of managing event data by keeping data security and legal compliance top of mind.
Data Security: A Necessary Priority in the Events Industry
We fully expect to see in-person-only events, but virtual and hybrid events are here to stay. They’ll keep generating data that will remain the most valuable commodity for event organizers. They rely on data to refine communications strategies, tweak session topics and even help teams follow an attendee’s participation. The data most relevant to event planners include:
● Identity or personal data, like demographic and contact information
● Behavioral or usage data, often site-specific and including how many sessions a participant attends, which broadcasts they watch and for how long
Virtual or hybrid events give people more flexibility to choose how—and when—they participate. But by logging in asynchronously and attending these events virtually, participants leave a more traceable presence. Faced with an ever-growing volume of data, event planners must treat it with meticulous care and confidentiality. Fortunately, they have help, with countries around the world enforcing regulations and laws designed to tighten security and protect sensitive information.
Global Data Privacy Laws
Many countries continue to reinforce their own security laws. Understanding these laws and ensuring compliance has become a critical part of event planning.
One important framework governing data privacy laws within the EU is the General Data Protection Regulation (GDPR). This centralized policy provides guidelines for safe, ethical data handling and guides planners to keep their data compliant and secure. The GDPR controls the use and storage of EU citizens’ and residents’ personal data by businesses, governments and organizations.
The GDPR requires people to actively opt-in and grant permission for the collection and use of their personal data. People can request a business to anonymize or delete personally identifiable information.
Whether they’re executing a virtual, hybrid or in-person event, organizers must seek permission to collect data from attendees and explain how they will use the data and with whom—if anyone—they will share it.
U.S. Data Privacy Laws
The U.S. lacks a cohesive, overarching federal data privacy law governing data use across all 50 states. Virginia (VCDPA), Colorado (CPA) and California (CCPA) have enacted comprehensive consumer privacy laws. While laws in Colorado and Virginia borrow definitions and terms from the GDPR, the CCPA offers the best comparison to GDPR. It defines personal information broadly as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
While the CCPA doesn’t offer the GDPR’s opt-in requirement, it does require companies to add a privacy notice on electronic forms requiring data input. Like the GDPR, the CCPA also:
● Prevents businesses from selling personal data to third parties without giving consumers the ability to opt-out first
● Grants citizens the right to know about personal data a business may collect, use or share and allows them to access, delete or opt-out of data processing
Find a Privacy-Conscious, Security-Aware Event Platform
Events empower companies to gather and generate measurable data used to target customers, cultivate relationships, build brand recognition and more. Event planners and marketing teams must take steps to comply with data privacy laws and regulations, but they don’t have to do it alone.
Choosing an event management platform equally obsessed with protecting sensitive data offers a solid layer of protection. In addition to ensuring event managers meet all legal requirements, a good event management partner also:
● Uses third parties to ensure regulatory compliance and assess procedures
● Monitors and addresses potential security risks with a dedicated support team
● Stays abreast of all regulations and laws, including national and international security standards
Well-designed event management platforms use a variety of encryption technologies to protect data collected during an event, such as two-factor authentication/single sign-on to create safe gateways for information and attendees.
Above all, creating a secure foundation to maintain data and legal compliance in the events industry shows attendees you value their privacy—priceless in today’s hybrid world.