Simple ways to protect your business and customer personal information from going into the wrong hands
We’re now all used to being asked to check-in when we enter a venue, restaurant or club. Mostly the processes have upgraded from a clipboard, contact sheet and pen to scanning a QR code and entering our details via our mobile phone.
However the electronic systems vary greatly and security is a grave concern when venues are using a system that might not have been effectively vetted and investigated in terms of data handling and security.
The potential for event organisers and venues or their check-in technology providers to mismanage, mishandle or lose data in breaches or leaks has the potential to put the people attending at risk. Individuals’ personal contact information is extremely sensitive, and it is important for strict measures to be put in place to ensure that data is handled in accordance with the data protection regulations.
Realistically, the obligation will be on event organisers and venues to make sure the information doesn’t leak, or get misused. Using a cheap or free supplier for these services may increase the risk as these service suppliers may not have the systems, procedure or data handling processes to mean they are 100% protected.
Philip Gardner, CIO for Encore commented,
“There are several actions event organisers and venues can take to mitigate risk when undertaking event check-in and facilitating contact tracing, and they do not need to be overly expensive or time-consuming. At the very least you should know where the data is being stored and how it is being secured.”
“It is vital that event organisers and venues have a proper data protection officer/administrator in place to ensure they are responsible not only for the collection and storage of data, but also after a pre-determined (mandated in each State) number of days secure deletion of all personal information.”
Encore’s Contactless Check-In system is fully ISO data security compliant and Encore can manage the controls on a event organiser’s or venue’s behalf. It has the following accreditations:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Formerly SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
It is hosted and managed within Amazon’s secure data centres. They continually manage risk and undergo recurring assessments to ensure compliance with industry standards.