Gigya conducted a survey on 4,000 individuals from both the US and the UK and found that 68% of individuals do not trust brands with their personal information. Today organizations can combat this statistics by providing transparent communication on how data is being stored and used.
Collecting useful marketing information at a live event can not only be a way to track return on investment but can also be a way to attract and retain audiences for future events. Tracking live data like que times and time spent at a certain location can be key for event planners when it comes to improving and planning an event. The use of Beacons, bluetooth technology, Radio Frequency Identification (RFID), and other technologies can even work to enhance events in real time. While all of this information can be very beneficial, as data breaches begin to occur more often, avoiding a public relations nightmare that a security failure that can cause is critical. Whether you are a live event producer, a marketer, a brand, an executive, or an attendee, data security should be a high priority for you.
Why is This Important?
Be it a sporting event or a concert, no live event would be successful without it’s attendees. No brand activation would be worthwhile without consumers participating. No matter what, people are needed for the live events industry to thrive. Therefore, the protection of a personal data is important in order to build trust amongst an audience. Live event organizers must be trustworthy stewards of private information so that their attendees will have confidence in them in the future.
Furthermore, since the data that is being collected can be extremely helpful (read more on how to leverage data and analytics for your live events), it’s important to safeguard it so that useful data can continue to be gathered. Most of the data collected can even keep its inputs anonymous to generate things like heat maps and bathroom line queue times. However, if an organization is not a trustworthy steward of information, they can come across obstacles when trying to collect even the simplest of data in the future. As more legislation gets put into place around the globe, everyone must be mindful of maintaining adequate data security and privacy policies.
European Union’s New Laws
On May 25th, 2018 new legislation will go into place in the European Union (EU) that will affect all of its citizens information. The General Data Protection Regulation (GDPR) aims to unite its privacy policies in regards to collecting information under one policy rather than twenty-eight different ones. It also updates legislation to reflect today’s current digital era. Since it is a regulation, not a directive it is immediately enforceable and can have fines of up to twenty million euros for those found not in compliance. The main impact that this will have is that no matter where your company is based, if you are collecting the email addresses of those who reside in the EU then you have to comply with the new regulation.
The two major changes that the GDPR presents to event organizers is around data collection and storage security. Now a greater and more transparent consent must be obtained in order to email those who subscribe. “Active” consent must be granted by each person, meaning they understand they are being added to a mailing list and agreeing to being contacted on a regular basis. Existing email lists can only be validated by reaffirming an individuals consent, which means lists with either need to be scrubbed of all EU citizens or an organization must take the time to reach out to individuals.
The other major change this will bring about will be in regards to data storage security. No longer will a simple excel spreadsheet be allowed to collect information. This means event organizers will either need to ensure that their own systems and any third party platforms are GDPR compliant. Maintaining information in a secure manner not only involves that of attendees but also that of any suppliers, employees, or any other individuals. The main focus of the GDPR is to protect the information and rights of individuals over companies. Not only must the data be secure but the individual retains the right to access and the right to be forgotten. This means at any time a person can request what type of data an organization has, how it is being stored, and what it is being used for. They can also request that all their personal data is deleted and stopped being shared with third parties.
Important steps to take before the legislation goes into place involves first looking through your email lists to see how much this will affect your organizations. It may be easier to simply scrub your systems of any information from EU citizens. This way you do not need to go about updating your systems; however, this also means you cannot collect data from these individuals in the future. If you choose to reach out to individuals to reaffirm proper consent then you also need to make sure that your systems meet the new security standards. This will also allow you to more freely collect data in the future once you ensure that you and any third party vendors you use are compliant. One advantage of reaching out to reaffirm consent is that you can help clean your list of those who aren’t engaged. For those you get to maintain on your list because they responded and want to be in active communication with your organization are who you want to be focusing on anyways.
While the new EU legislation may seem like it presents a lot of extra work, becoming GDPR compliant may actually make it easier in the future for organizations as it lessens the likelihood of data breaches. This can also force an organization to switch to more automated systems and require them to more transparent with their audience. Ensuring that internal systems and those of technology partners have high standards for data security and privacy protection will be of high importance for event organizers across both the sport and entertainment industries.
Communicating that you value privacy and security is only meaningful if you also have the systems and processes in place to backup that policy. Maintaining a robust system starts at the beginning. Having a simple registration process not only makes it easier for the user to input information but it also makes implementing secure systems smoother. The key is to find a happy medium where there are not too many hoops for a person to jump through but enough so that their data is secure. One piece of advice that Eventbrite suggests is to avoid using CAPTCHA fields as it is an indicator that a process is not secure. They also suggest to not only utilize these measures with registrations but also when it comes to online purchasing platforms as well as 12% of consumers drop off at checkout due to doubts about payment security. Once data is collected it is important to have internal policies that govern how the data is managed. The information can be managed completely internally or the use of a third party platform may be beneficial.
According to Accenture’s latest State of cyber resilience study, the number of cyber attacks doubled last year. Which means an organization database is at risk more than ever. Choosing a technology provider that meets security and privacy standards needed to protect your attendees information is critical. While the EU has some of the most stringent standards, other jurisdictions also have different consumer privacy requirements. In the US there is no singular regulator, but given the recent updates across the pond and major data breaches that face the States, it would not be surprising if new legislation came about within the next year. That is why it is important to choose a technology partner that prioritizes data security. Limiting the number of technology providers you use is another way to help reduce your risk. Make sure that anyone of your platforms that sync with any third-parties only work with vetted partners.
When choosing a partner there are some important questions you should ask. Per Social Tables, here are a few key ones:
- –Do you own my data? If so, what will you use it for? (Try to avoid this)
- –Is data encrypted and how is your data protected at rest and in transit?
- –How do you restrict access to the data? What is the authentication and authorization concept?
- –Who in your organization has access to our event data and how is access controlled and revoked?
As Artificial Intelligence (AI) becomes more popular in the live event space, finding a balance between privacy and “deep learning” will need to be struck. The advantage that AI presents is that it can analyze data in new ways by adding a reasoning component. It can help to anticipate what logistical changes are needed in real time by being able to judge data in ways that previous technology could not. These systems can provide creative and innovative analysis but also makes that data more vulnerable as it is being used on another platform. Ensuring user anonymity and data protection will be key with this emerging technology.
Placing an emphasis on data privacy and security will be something that we will see continue for the next few years. As legislation changes to keep up with emerging technologies and digital trends, more of an emphasis will be put on event organizers and data collectors to protect their fans information. The EU’s new GDPR will bring about new changes when it goes into effect this May. The new requirements can serve as a blueprint for event producers to update their information collection systems. Now users must actively opt-in, giving collectors a chance to get a more engaged email list. This also requires them to openly communicate with attendees exactly how their information will be used. Organizations must no only ensure that the data is protected on internal systems but they must vet any third party technology partners to ensure that they are complying the highest standards. Overall, event organizers must become trustworthy stewards of data security and privacy.