5 Most Common Event Management Mistakes Which Could Compromise Your Privacy

Only 3% of cyber crimes are due to technical flaws and weak security. Then what are the causes for the other 97% of cyber crimes? According to Medium, employee errors are responsible for the majority of security and privacy breaches. All it takes is one unknowing employee to click on a malicious link, or to leave an unlocked laptop unattended, for an organisation’s personal data records to be leaked. In the events industry, while we collect a lot of personal data, we have also spotted many experienced companies with negligent practices throughout the course of our business.

Here are the top mistakes made by event management companies

#1 ‘Find your own names’

It can be really chaotic during event registrations, especially when there are so many people streaming in all at once. Searching for names from a huge pile of name badges is like searching for a needle in a haystack and you may be tempted to take what seems to be the easiest way out: Pre-printing name badges with personal information on it and displaying it on the table for all to see. Although having more pairs of eyes searching may help you save time, you may receive complaints regarding potential personal data breach as you are revealing your guests’ data for everyone else to see.

Related image
Revealing all personal data to your guests: A potential personal data breach!

What can I do then? Either hide these name badges behind the counter where only your event staff can see, or use a smart QR check-in and onsite badge printing service where you can print name badges instantly in under 2 seconds after the guest registers with a QR code.

Image result for eventnook badge printing
Mobile QR Check-In Kiosk with Instant Onsite Badge Printing

#2 Not disabling ‘ Auto-Fill ‘ function

This is a common mistake when you need your guests to key in their personal data on digital devices on the spot, for walk-in registrations or lucky draws. When your device’s auto-fill is enabled, just keying in an alphabet or a number could reveal a whole list of related personal data of previous registrants. Don’t put yourself at risk of personal data breach, remember to disable ‘Auto-Fill’.

#3 Using sign-in books

Even if you don’t use digital devices to register your guests, you still have a high chance committing a privacy breach if you use sign-in books. Imagine if you are holding a recruitment event and you have your potential candidates register in the sign-in book. A potential candidate could glance through the names who could be vying for the same role and could find ways to undermine the other candidates when speaking to the potential hiring managers.

You could either have your event crew register your guests themselves after verifying their identity by requesting for their business cards or last 3 digits of NRIC number.

Related image

#4 Forgetting to log out

At EventNook, many event organisers rent our iPads for registrations and use our event management software to track their ticket sales and attendees. However, after the event, we noticed that many would forget to log out of our application on the iPads. This could be a problem if we passed on the iPads to the next event manager, as they could access the previous records and sensitive data.

Hence as part of our best practice, the EventNook team will always ensure that these personal data would not be accidentally passed on to others as we will always do a check to ensure all accounts are logged-out, before handing the device over.

#5 Event part-timers’/volunteers’ error

No matter how careful you are with personal data, you must ensure that your event helpers are as cautious as you are. Many event managers are aware of such privacy risks, yet they forget to thoroughly brief the rest of the team about the do’s and don’ts when handling personal data.

If you have an event coming up, as a manager, it is your responsibility to look for a reliable vendor who will protect your attendees’ data. At EventNook, we respect the privacy of all individuals and strive to provide the ease of mind to all our customers when handling personal data. If you have any concerns regarding data protection for your events, or if you simply want to know more about our privacy policy, please email: hello@eventnook.com

Are Your Customers Questioning Your Business’ Data Protection Practices? Here’s How You Can Gain Their Trust.

Image result for privacy customer

In our previous post, we shared how individuals can take responsibility in ensuring their personal data stays protected. Now that many individuals are educated, they are more aware of how to make informed choices when choosing an organisation to safe keep their personal data.  How then, as a business that collects personal data for processing, assure your customers that their personal data are in safe hands? 

First and foremost, your customers will only trust you if you practice what you preach. Here are some rules-of-thumb you should adhere to:

#1 obtain consent

Firstly, you have to obtain either verbal, written, or even deemed consent for any personal data to be collected.

What constitutes as consent would include: Voluntary provision or cases where it is reasonable to voluntarily provide the data. Your customers also have a right to withdraw your consent at any time. One example would be the Do Not Call (DNC) registry where individuals can opt out of receiving unsolicited marketing messages and calls. Should your business be involved in telemarketing, you should ensure that numbers subscribed to the Do Not Call (DNC) Registry should not be contacted for marketing purposes. Each offence would incur a fine of up to $10,000 or face imprisonment. B2B marketing calls or messages sent to other organisations do not fall under the purview of the DNC Registry. 

How do businesses check what numbers are registered on the DNC registry?

  1. Create an account at a one-time fee of $30 ($60 for overseas companies) to gain access to the DNC system
  2. You can enter up to 10 phone numbers manually at one time. Results of the search are displayed immediately
  3. To check >10 numbers at one time by uploading a CSV file containing a list of all 8-digit Singapore telephone numbers. The results will be available for download after 24 hours
  4. All results are valid for 30 days.

#2 Inform your purpose

Once you have obtained consent, the personal data collected can only be processed in an appropriate manner and for a reasonable purpose. You must ensure that your customers are informed of the purpose for which the personal data is being collected.

Every time you need to collect personal data from individuals, be it online or offline, try to have its purpose written down clearly (See image below).

Sample Consent Clause for Membership Application Inform purpose

#3 allow access

Individuals have the right to request we provide access to and make corrections to their personal data. There are some exceptions, such as cases in which providing access would cause immediate harm to the safety, or physical or mental heath, of the individual; threaten the safety, or physical or mental health, of another individual; or reveal another individual’s personal data.

#4 update data regularly

We must make a reasonable effort to ensure that all personal data collected is accurate and complete. Allow your customers to correct their data and prompt them update regularly. It is likely that the personal data will be used to make a decision that affects the individual to whom it relates, or is likely to be disclosed to another organisation.

#5 protection of data

You must protect personal data in your possession or control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar activity. If your business wants to store personal data in the cloud, you should take appropriate steps to ensure that the transfer of data to the cloud complies with the PDPA’s data protection laws.

Most of the privacy breaches occur because of human error. Simply leaving your laptop unattended or forgetting to shred personal information before disposal could lead to personal data leaks. Ensure that your employees are aware and trained of how to collect, process, store and dispose of personal data to minimise such mistakes.

Delegate the task, not the responsibility.

If you engage 3rd parties and need to pass on your customer’s personal data to these vendors, it is your due diligence to do extensive research to see if the company is reliable. Read the security and privacy policies of the companies that you are giving your customers’ data to. You are still partially liable if there is any privacy breach on the 3rd party side.

#6 purge what you don’t need

You must cease retaining documents containing personal data, or anonymise that data, as soon as it is no longer needed for the purpose for which it was collected, or for other legal or business purposes. If your customers request for their data to be deleted, you should comply. If your business maintains physical or electronic records of personal data, these records have to be disposed appropriately, as stipulated in the PDPA.

#7 keep within bounds

You should not transfer personal data outside Singapore except in accordance with the Act’s requirements. If you must transfer it to another region, be certain that you have obtained consent from your customers prior to the transfer and ensure that the external company has a comparable standard of data protection.

#8 be transparent

Your business should always have a detailed privacy policy for all to access and read. Be prepared to answer all your customer’s concerns regarding privacy and data protection. If you make the necessary effort to protect your customers’ personal data, your customers will thank you for it!

At EventNook, we deal with a lot of personal data, so we practice extra caution in data handling and take pride in our commitment to protect all our customers’ personal data while delivering the results. If you have any questions on our data protection policies for your events, feel free to drop us an email or a call, our friendly team will be more than happy to assist you!

Driving The Future Generation: ExxonMobil’s 2019 Singapore Campus Recruitment

30th August 2019 was an important day for aspiring university students to secure a job with the multi-billion dollar manufacturing giant, ExxonMobil (EM). It was also a big day for EventNook as we had to ensure that the registration process for EM’s Campus Recruitment went smoothly.

As there were going to be many VIPs gracing the event, our EventNook Onsite Support Team made sure to be at the event early to prepare for the registration.

EventNook Onsite Support Team

For this event, we provided EM with the following services:

How did we help Exxonmobil start and finish off the event without a hitch?

Our end-to-end event management software provided an easy platform for EM to register all of their attendee’s details, such as name, university, industry, job scope with ease. They could also choose which details they would include in the attendee’s name badge. In addition, as there were some walk-in registrations, the software could seamlessly check-in these individuals over-the-counter and capture it in the system for registration tracking.

The EventNook Onsite Mobile Kiosk Check-in System with QR code ticketing made the check-in process very quick. There was no queue formed as our registration process was extremely efficient.

For this event, EM requested to pre-print name badges for their Ambassadors as they were worried there would be printing errors for these VIPs. However, we realised it was time-consuming to search through the pre-printed name badges. In contrast, our Onsite Instant Badge Printing saved more time as we printed the remaining attendees’ name badges without mistakes, in just 1 second each! We would recommend using our eco-friendly, tear-resistant material to save time from slotting the name badges into plastic pouches.

Volunteers checking-in guests using EventNook’s equipment

The comprehensive equipment set-up and onsite event day technical supervision made the process simple even for the volunteers who only learnt how to use the app and equipment on the event day itself.

Equipment set-up on event day

We are honoured to be part of ExxonMobil’s successful event and we hope to work with them again!

EventNook started with a humble beginning in 2012 to make organizing events easy and hassle-free for event organizers. Here, we are building the world class innovative event management platform by simplifying and redefining the old event management process with innovative solutions and leveraging on world class cloud and mobile based technologies. We have grown our business organically from serving a couple of events to thousands of events over 20 countries. We build our business from the ground up with one event at a time and we take pride in delivering great event experiences and make events inspiring. If you have any enquiries regarding our service, please direct your questions to: hello@eventnook.com

Are You Still Collecting NRIC Data? Time To Stop!

NRIC law PDPA 2019

If you are still collecting your customer’s NRIC data, you probably haven’t heard of the new law that kicked in on 1st September 2019. The new law prohibits holding or making physical copies of NRICs and the collection of full NRIC numbers unless required by the law. According to the Personal Data Protection Commission, this law applies to birth certificate numbers, passport numbers, drivers’ license, foreign identification numbers and work permit numbers as well. Unless you are a government body, this new law will affect your business.

Singapore has significantly tightened the law on NRIC collection, use, disclosure and storage, however, in specified circumstances, you may still collect NRIC data. Under the Personal Data Protection Act (PDPA), such circumstances are referred to as “Permitted Situations”, which include:

  • Situations where the collection, use, or disclosure is required by the law or is an exception under the PDPA. However, you should still ensure that you have done due diligence in ensuring that you have informed your customers of the purpose of collection, use, or disclosure.
  • Situations where it is absolutely necessary to identify the individual to a high level of fidelity.

How do we determine when it is necessary? Generally, when a failure to identify an individual to a high degree of fidelity would pose a significant safety, security, financial, reputational, personal or proprietary risk, NRIC information would be deemed as necessary.

According to the SingaporeLegalAdvice.com, these situations are exceptions:

Collection, use, disclosure versus retention

The law may cut you some slack when it comes to the collection, use, and disclosure of NRIC data if you manage to find a suitable justification. However, this is not the case with retention or storage of NRIC data. Under the new NRIC guidelines, you are only allowed to retain NRIC data only if it is required by the law. Even if you need NRIC data to accurately identify an individual to a high level of fidelity, you should dispose of the data once you have correctly identified that individual.

Therefore, you should take note that even if you are in the clear for collection, use and disclosure of NRIC data, you may not be able to fit the clause related to retention.

Can I request to look at the nric just to verify an individual’s identity?

You may be faced with a situation where you need to verify if you are dealing with the right person and may need to merely take a glance at the individual’s NRIC. In this case, if you have no intention of keeping or obtain control of the individual’s NRIC data, this will not count as a collection of personal data on the physical NRIC.

next steps

Check if your current business procedures or processes require the collection, use or disclosure of NRIC data. If yes, check if it is categorised as a “Permitted Situation”. If it is not a permitted situation, review if it is really necessary to identify your customers to a high degree of fidelity and ensure that you dispose of the NRIC information when it is no longer necessary for business or legal purposes.

“I am still collecting nric data. is it too late to change?”

Better late than never. If you are still collecting NRIC data for event registration or for other reasons, switch up your business processes before you get caught for flouting the PDPA, which could get you fined up to $1 million! Here some quick methods you can use to help you switch away from using NRIC data, yet, still provides the necessary amount of security:

  • Tag your customers with a combination of identifiers (e.g. First Name + Last Name + D.O.B.)
  • Collect only the last 3 digits and the alphabet of the NRIC (e.g. XXXXX123A)

At EventNook, we respect the privacy of all individuals and strive to provide the ease of mind to all our customers when handling personal data. Data safety and privacy is not a one-time job but a commitment. EventNook is committed to continuously improve our customer data safety and privacy to comply with higher standards, beyond the minimum compliance level of GDPR and PDPA. If you have any concerns regarding data protection for your events, or if you simply want to know more about our privacy policy, please email: hello@eventnook.com

Supporting Social Causes With EventNook: National Kidney Foundation Sit-A-Thon 2019

National Kidney Foundation Sit-A-Thon 2019

Patients who suffer from kidney failure have to go through dialysis which require them to sit for long, painful hours on a chair. Do you know how that feels like?

To raise awareness about dialysis patients and the challenges they go through, National Kidney Foundation (NKF) Singapore held its annual instalment of the NKF Sit-A-Thon at Our Tampines Hub from 24th to 25th August 2019. The EventNook Team joined NKF to bring the community a weekend of healthy living and exercise, with Minister for Education, Mr Ong Ye Kung, gracing the event.

This year, there were many sign-ups for NKF’s Sit-To-Sweat sessions where participants were engaged in a 50-minute long spin class with instructors. There were a total of 12 sessions held over 2 days.

How did NKF pull off registration for such a large scale event so easily? EventNook was engaged to provide an easy, stress-free registration system for NKF. We provided a whole package which included:

While members of the community were pedalling hard and sweating it out, with the support from EventNook, the NKF team executed a smooth event without breaking a sweat.

the challenge

Registration process. QR check-in, instant name tag printing

From the registration process above, the goodie bag packing was the bottleneck as the volunteers had to pack event t-shirts according to the participants’ sizes on the spot. The team knew this was going to be time-consuming, hence, they minimised the time used for check-in and name printing by engaging EventNook’s services.

We enjoyed being part of the journey to support a meaningful cause with NKF. We would like to congratulate NKF on yet another successful instalment of Sit-A-Thon 2019 and we look forward to working with NKF again!

EventNook started with a humble beginning in 2012 to make organizing events easy and hassle-free for event organizers. Here, we are building the world class innovative event management platform by simplifying and redefining the old event management process with innovative solutions and leveraging on world class cloud and mobile based technologies. We have grown our business organically from serving a couple of events to thousands of events over 20 countries. We build our business from the ground up with one event at a time and we take pride in delivering great event experiences and make events inspiring.   

About Personal Data: What Do I Need To Know?

What qualifies as personal data?

Based on the PDPA Guidelines, your personal data can be defined as “data, whether true or not, about an individual who can be identified – a) from that data; or b) from that data and other information to which the organisation has or is likely to have access”.

Examples of this would be your name, address, gender, email address, IC number, etc. As of 1 September 2019, the new guidelines issued by the Personal Data Protection Commission (PDPC) dictate that organisations will not be allowed to collect, use or disclose NRIC numbers unless required by the law. Do note that the PDPA does not apply to business contact information such as business title, business telephone number, business address and business e-mail

This topic revolving around privacy and personal data has become such a hot topic for discussion. We hope you take some time to read though this article to stay updated on the necessary actions to take to ensure that your personal data is not compromised.

Of course, in most cases, we would need to give up some form of personal data due to the nature of the business or transaction. How then, can we ensure that our personal data is handled lawfully, fairly and in a transparent manner as required by the PDPA?

Here are 7 tips that you can keep in mind when giving away your personal data:

#1 Provide consent

Firstly, you have to give either verbal, written, or even deemed consent for your personal data to be collected. Whether there is a checkbox to select or a signature line, ensure that you are aware of the consent that you are giving by completing that form/questionnaire.

What constitutes as consent would include: Voluntary provision or cases where it is reasonable to voluntarily provide the data. Do note that you also have a right to withdraw your consent at any time. One example would be the Do Not Call (DNC) registry where you can opt out of receiving unsolicited marketing messages and calls. You are able to lodge a complaint if you still receive such messages and calls, and the organisations involved would face a fine up to $10,000 per breach.

#2 intent of collection

Once you have given, or are deemed to have given, consent, the personal data collected can only be processed in an appropriate manner and for a reasonable purpose. You have the right to be informed of the purpose for which the personal data is being collected.

Be aware of what your information is being used for, read the security and privacy policies if you have the time. Read the fine print – you may be consenting to having your data be used for marketing or analysis. When you give your consent, you would be giving your consent to any terms that are mentioned in these documents.

#3 access to YOUR data

Individuals have the right to request who we provide access to and to make corrections to their personal data. There are some exceptions, such as cases in which providing access would cause immediate harm to the safety, or physical or mental heath, of the individual; threaten the safety, or physical or mental health, of another individual; or reveal another individual’s personal data.

#4 update YOUR data regularly

We must make a reasonable effort to ensure that all personal data collected is accurate and complete. It is likely that the personal data will be used to make a decision that affects the individual to whom it relates, or is likely to be disclosed to another organisation. In case of any changes to your personal data, you should be given the option to edit what you have previously given.

#5 protection of data

Organisations must protect personal data in their possession or control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar activity. Read the security and privacy policies of the companies that you are giving your data to.

#6 delete once obsolete

Organisations must cease retaining documents containing personal data, or anonymise that data, as soon as it is no longer needed for the purpose for which it was collected, or for other legal or business purposes. You have the right to request for your personal data to be deleted should you choose to move your business elsewhere.

#7 keep within bounds

Lastly, organisations must not transfer personal data outside Singapore except in accordance with the Act’s requirements, to ensure that they provide it a comparable standard of data protection.

At EventNook, we deal with a lot of personal data, so we practice extra caution in data handling and take pride in our commitment to protect all our customers’ personal data while delivering the results. If you have any questions on our data protection policies for your events, feel free to drop us an email or a call, our friendly team will be more than happy to assist you!


The Success Of Your Event Depends On Its People: How To Understand Your Audience With Google Analytics

Google analytics audience

Is my website engaging the right people? Who is registering for my upcoming events?

If you have questions like these, Google Analytics (GA) is your answer. GA helps you see what you cannot see: Your audience.  

GA packs a load of useful information, providing users with Real-Time, Audience, Acquisition, Behaviour and Conversions reports. 

This article will only focus on breaking down the Audience report to help you better understand its components.

Overview

The Overview section shows in general, the people who are visiting your event website. It provides information on the total number of users, new and returning users, sessions, session duration, page views, bounce rate and more. The explanation of each component can be seen by hovering your cursor over the component.

bounce rate
The explanation of each component can be seen by hovering your cursor over the component.

However, do note that the numbers reflected are not in real-time. The default date range is set to a week but you can adjust the time period you wish to observe by clicking on the calendar drop-down in the top right corner. You can also compare data between two time periods by checking the “Compare to” box and choosing another time period.

drop-down calendar
Changing the observable time period

Active Users

The Active Users report shows you the number of unique users who visited your event website in the following time periods: 1 day, 7 days, 14 days, and 28 days

If you have more 1-day users than longer-term ones, it highlights a potential problem with retention. People are not returning to your event website, and you need to figure out why. 

Fortunately, these numbers do not always spell bad news as there could be various factors as to why they are not returning. They could have already purchased tickets for your events or they have obtained the information they needed off your website. To have a clearer picture, if your goal is for users to complete a registration, you can check in the Conversions report whether your conversions have increased.

Audiences

To generate data for a specific group of people for this page, you first need to define an audience within GA (e.g. People who visit the event registration page and return to purchase within 7 days)

The Audiences report will display data starting from the day you define the audience – you are not able to view data from the past.

User Attributes

1. Demographics: Divides your audience according to their age groups and gender.

2. Interests: 

  • Affinity Categories: Users who have a general interest, for example, “Event-goers”.
  • In-Market Segments: Users who have the intention to register for your event.
  • Other Categories: This category provides the most detailed view of your users’ interests. For example, if Affinity Categories include event-goers, Other Categories would include seminars/conferences/workshops.

3. Geo: Tells you the location and language of your event website visitors.

4. Behaviour: Allows you to analyse how your audience act on your website. You can see the frequency of visits, duration of each visit and how many pages they visit whilst there.

5. Technology: Reveals which browsers, operating systems and network providers your audience is using to access your site.

6. Mobile: Shows you what device your users are using to access your site or to purchase your event tickets. If you have a large drop in the number of users on your mobile compared to the desktop site, it could signal that your website is not mobile-friendly and it is time for you to optimise user experience on the mobile site. 

“How Can I Apply The Information Gathered From GA to My Events?”

Through GA, you can:

  • Find out if you are reaching the right audience, which will help you decide to whom you should direct the bulk of your future event marketing efforts.
  • Paint out the characteristics of your audience and get a rough picture of the type of people attending your event. This allows you to customise an event that would suit the audience, giving your event an edge over your competitors. For example, if your attendees are people who have an interest for new technology, you are sure to win their hearts with an onsite badge printing service, during the event check-in process.
  • Observe which audience segments (other than your original target segment) received more responses than expected. You can consider expanding your events into these potential markets.

There are a lot of opportunities that you can discover by listening closely to what your customers are saying.”

Joei Chan, Global Head of Content from Linkfluence

If you wish to understand your audience and don’t know where to begin, you can start with our end-to-end event registration management software, which safely houses all the data you need for Google Analytics.