Event App Security: Access & Data Privacy Best Practices
If there’s one phrase that causes event planners to lose the most sleep—besides “The speaker dropped out!”—it’s probably “data protection”, especially when it comes to event app security.
Due to heightened sensitivity around data breaches and privacy, event planners are having to pay special attention to how their technology vendors—like event app providers such as EventMobi—are using and storing their event data.
This blog post will shed light on the top event app security features, best practices for data protection, and important technical questions that you should be asking your event app providers so that you only partner with the most secure vendors (and can sleep more soundly at night!).
The Top Event App Security & Access Features
Whether you feel you have confidential information housed in your event app or not, it’s important to ensure that all personal data about your event participants is only accessible by authorized parties.
Here are some important features an event app provider should offer for event app access and security:
- Require passwords for all participant accounts. Passwords help your attendees protect access to their personal accounts and the information stored within them. Without passwords, anyone who can guess your participants’ email addresses could potentially access your event app and the data within it, such as profiles or private messages.
- Provide passcodes for private events. Requiring that participants have a passcode to log in to an event app allows planners to limit access to only those people they share the passcode with, such as a list of registrants. Passcodes help limit public access to information in the event app—such as location, agenda, or a speaker list. They’re an effective deterrent to unauthorized access by people who could stumble upon the event app via a directory (like an app store), or those who guess the event app link.
- Restricted access by email (the highest level of event app access). Restricting app access to registered participants only (based on their email address) ensures the greatest control over event details and participant listings by locking out anyone not registered to attend.
Best Practices for Event App Data Protection
Any person or organization collecting information about event participants is considered a “Data Controller” under privacy legislation like GDPR. Data Controllers have a great deal of responsibility for the information they collect—including how that data is gathered, stored, and used across various technologies.
To help you meet basic data protection best practices, look for some of the following features:
Other requests to make of your event technology vendors around data protection and privacy include:
- A data processing addendum (DPA) that addresses both your and their obligations around data protection (note: this is only required if the information is not already explicitly outlined in your most recent contract).
- A list of sub-processors the event technology provider may use to collect and store information.
- Information about how data access requests (DAR) or requests for data destruction or anonymization will be handled. They should be able to tell you how long data will be stored for, where it will be stored, and who has access to it should you need to respond to a DAR from your event participants.
Internally, it’s also important to understand who in your organization or team will be accessing data, and to have them properly trained in the handling of your event participants’ data.
For more details about GDPR compliance and event planning, read our guide: The Event Marketer’s Guide to GDPR.
Other Event App Security Considerations
While you may need an infosec or IT pro to dive into all of the technical security requirements of your event technology, here are a few high-level areas event planners should familiarize themselves with to understand what is important when selecting event technology vendors:
- What kind of data encryption methods does the provider use (both in transit and at rest)? (ex: Is HTTPS encryption used?)
- Where is the data the provider collects hosted? (And is that provider secure and reputable?)
- Are the provider’s security policies based on accepted standards in the industry?
- What are their processes for communication of security breaches to customers?
- Are all security features included in basic pricing? Or is extra payment required for enhanced security?
Learn more about EventMobi’s commitment to event app security and data protection. We offer secure event app access and GDPR compliance features that make it easy to deliver an incredible and safe event.
Internal & External Considerations for Event App Security
Aside from ensuring your event app provider is security-conscious, it’s important to consider implementing processes that mitigate risk around how other vendors and/or your employees access or use event participant data. For example:
- What type of WiFi security does your venue provide?
- Who in your organization has access to your event data? Are you granting everyone administrative access to the management system of your technology vendor? Are the employees who have access properly trained in how to handle and store attendee data?
- Do you have a corporate mobile device policy to ensure access to your event app is limited, even in the case where an unauthorized third party accesses one of your employees’ mobile devices?
- If you are using custom fields to integrate your event app with an external data source (ERP, HR, CRM), have you made sure that only the required information is being synced (and not more private data than is necessary)?
- If you are sharing attendee information with your speakers or sponsors, have you collected consent from your attendees during your registration process?
For more event app security-related content, check out Event Security: How Technology Can Help Event Professionals Plan Smarter and Manage Risk