5 Most Common Event Management Mistakes Which Could Compromise Your Privacy

Only 3% of cyber crimes are due to technical flaws and weak security. Then what are the causes for the other 97% of cyber crimes? According to Medium, employee errors are responsible for the majority of security and privacy breaches. All it takes is one unknowing employee to click on a malicious link, or to leave an unlocked laptop unattended, for an organisation’s personal data records to be leaked. In the events industry, while we collect a lot of personal data, we have also spotted many experienced companies with negligent practices throughout the course of our business.

Here are the top mistakes made by event management companies:

#1 ‘Find your own names’

It can be really chaotic during event registrations, especially when there are so many people streaming in all at once. Searching for names in a huge pile of name badges is like searching for a needle in a haystack, and you may be tempted to take what seems to be the easiest way out: pre-printing name badges with personal information on them and displaying them on the table for all to see. Although having more pairs of eyes searching may help you save time, you may receive complaints regarding a potential personal data breach, as you are revealing your guests’ data for everyone else to see.

Revealing all personal data to your guests: A potential personal data breach!

What can I do then? Either hide these name badges behind the counter where only your event staff can see, or use a smart QR check-in and onsite badge printing service where you can print name badges instantly in under 2 seconds after the guest registers with a QR code.

Mobile QR Check-In Kiosk with Instant Onsite Badge Printing

#2 Not disabling the ‘Auto-Fill’ function

This is a common mistake when you need your guests to key in their personal data on digital devices on the spot, for walk-in registrations or lucky draws. When your device’s auto-fill is enabled, just keying in a letter or a number could reveal a whole list of related personal data of previous registrants. Don’t put yourself at risk of a personal data breach: remember to disable ‘Auto-Fill’.

#3 Using sign-in books

Even if you don’t use digital devices to register your guests, you still have a high chance of committing a privacy breach if you use sign-in books. Imagine you are holding a recruitment event and you have your potential candidates register in the sign-in book. A potential candidate could glance through the names of those who could be vying for the same role and could find ways to undermine the other candidates when speaking to the potential hiring managers.

You could instead have your event crew register your guests themselves after verifying their identity by requesting their business cards or the last 3 digits of their NRIC number.


#4 Forgetting to log out

At EventNook, many event organisers rent our iPads for registrations and use our event management software to track their ticket sales and attendees. However, after the event, we noticed that many would forget to log out of our application on the iPads. This could be a problem if we passed on the iPads to the next event manager, as they could access the previous records and sensitive data.

Hence, as part of our best practice, the EventNook team always checks that all accounts are logged out before handing a device over, so that this personal data is not accidentally passed on to others.

#5 Event part-timers’/volunteers’ error

No matter how careful you are with personal data, you must ensure that your event helpers are as cautious as you are. Many event managers are aware of such privacy risks, yet they forget to thoroughly brief the rest of the team about the do’s and don’ts when handling personal data.

If you have an event coming up, as a manager, it is your responsibility to look for a reliable vendor who will protect your attendees’ data. At EventNook, we respect the privacy of all individuals and strive to provide peace of mind to all our customers when handling personal data. If you have any concerns regarding data protection for your events, or if you simply want to know more about our privacy policy, please email hello@eventnook.com.

About Personal Data: What Do I Need To Know?

What qualifies as personal data?

Based on the PDPA Guidelines, your personal data can be defined as “data, whether true or not, about an individual who can be identified – a) from that data; or b) from that data and other information to which the organisation has or is likely to have access”.

Examples of this would be your name, address, gender, email address, IC number, etc. As of 1 September 2019, the new guidelines issued by the Personal Data Protection Commission (PDPC) dictate that organisations will not be allowed to collect, use or disclose NRIC numbers unless required by the law. Do note that the PDPA does not apply to business contact information such as business title, business telephone number, business address and business e-mail.

Privacy and personal data have become a hot topic for discussion. We hope you take some time to read through this article to stay updated on the necessary actions to take to ensure that your personal data is not compromised.

Of course, in most cases, we would need to give up some form of personal data due to the nature of the business or transaction. How then, can we ensure that our personal data is handled lawfully, fairly and in a transparent manner as required by the PDPA?

Here are 7 tips that you can keep in mind when giving away your personal data:

#1 Provide consent

Firstly, you have to give either verbal, written, or even deemed consent for your personal data to be collected. Whether there is a checkbox to select or a signature line, ensure that you are aware of the consent that you are giving by completing that form/questionnaire.

Consent would include voluntary provision of the data, or cases where it is reasonable to voluntarily provide the data. Do note that you also have a right to withdraw your consent at any time. One example would be the Do Not Call (DNC) registry, where you can opt out of receiving unsolicited marketing messages and calls. You are able to lodge a complaint if you still receive such messages and calls, and the organisations involved would face a fine of up to $10,000 per breach.

#2 Intent of collection

Once you have given, or are deemed to have given, consent, the personal data collected can only be processed in an appropriate manner and for a reasonable purpose. You have the right to be informed of the purpose for which the personal data is being collected.

Be aware of what your information is being used for, and read the security and privacy policies if you have the time. Read the fine print – you may be consenting to having your data used for marketing or analysis. When you give your consent, you would be giving your consent to any terms that are mentioned in these documents.

#3 Access to YOUR data

Individuals have the right to request who we provide access to and to make corrections to their personal data. There are some exceptions, such as cases in which providing access would cause immediate harm to the safety, or physical or mental health, of the individual; threaten the safety, or physical or mental health, of another individual; or reveal another individual’s personal data.

#4 Update YOUR data regularly

We must make a reasonable effort to ensure that all personal data collected is accurate and complete. It is likely that the personal data will be used to make a decision that affects the individual to whom it relates, or is likely to be disclosed to another organisation. In case of any changes to your personal data, you should be given the option to edit what you have previously given.

#5 Protection of data

Organisations must protect personal data in their possession or control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar activity. Read the security and privacy policies of the companies that you are giving your data to.

#6 Delete once obsolete

Organisations must cease retaining documents containing personal data, or anonymise that data, as soon as it is no longer needed for the purpose for which it was collected, or for other legal or business purposes. You have the right to request for your personal data to be deleted should you choose to move your business elsewhere.

#7 Keep within bounds

Lastly, organisations must not transfer personal data outside Singapore except in accordance with the Act’s requirements, to ensure that a comparable standard of data protection is provided.

At EventNook, we deal with a lot of personal data, so we practise extra caution in data handling and take pride in our commitment to protect all our customers’ personal data while delivering the results. If you have any questions on our data protection policies for your events, feel free to drop us an email or a call; our friendly team will be more than happy to assist you!