Data security isn’t something you would immediately associate with event planning, but the fact is, all event organisers have access to potentially sensitive information about their attendees. Names, addresses, professions, email accounts, and credit card numbers are all sensitive data points and are commonly provided when purchasing tickets to an event. Even registering for a free event requires identifying information. With electronic systems so heavily integrated into our personal and professional lives, the security of the data held by these systems is more important than ever.
Data security — the measures in place to prevent unauthorised access or corruption to this information — is essential for businesses of any size and events are no exception. While no reputable business would ever intentionally abuse this information, a hacking attempt or unintentional data leak could seriously harm your reputation and business.
Notifiable Data Breaches scheme
In February 2017, the Australian Government introduced the Notifiable Data Breaches scheme. This amendment to the Privacy Act requires businesses to notify any individuals likely to be at risk of serious harm by a data breach. A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.
Examples of a data breach include when:
- a device containing customers’ personal information is lost or stolen
- a database containing personal information is hacked
- personal information is mistakenly provided to the wrong person
This scheme is in place to protect individuals from data leaks, even by accident, to ensure that businesses take the required steps to help their customers protect themselves from fraud.
Protecting the data of attendees
Protecting data is as easy as the systems and processes you use to handle that data. For small events in particular, it’s not uncommon for organisers to use very manual or outdated processes such as spreadsheets and hard copy guest lists. These methods are not secure and can easily be misplaced and accessed by others. If attendees are being emailed manually for example, accidentally copying email address in the ‘to’ field instead of ‘BCC’ (blind carbon copy) would expose the email address of every attendee. Using a payment processing system that stores credit card information is another example of making customer data vulnerable. If that system were to be hacked, these credit cards could be stolen and used fraudulently.
Modern solutions are designed with modern issues in mind. Technology such as security certificates, encryption of data, and meeting the Payment Card Industry Data Security Standard (also known as PCI DSS compliance) are all must-haves when managing attendee data. If you’re unsure whether or not your online ticketing provider offers these, it pays to do your research on their security and privacy measures. Prevention of data loss is far easier to manage than the wrath of customers who have had their details breached.
Eventbrite Privacy and Security
Your privacy protection doesn’t start and end with what’s required by laws and regulations. Eventbrite’s privacy program goes above and beyond the legislative requirements in order to protect you and your business. This includes a full time legal and security team focused on keeping privacy measures effective and up to date, as well as regular audits.
For an overview of Eventbrite’s Privacy and Security measures, enter your email address in the form to receive a copy of our one-page information sheet.