Keeping MICE safe and compliant in a new environment

Issue 3 2021 Commercial (Industry), Infrastructure

The meetings, incentives, conferences and exhibitions (MICE) sector has been challenged with massive change over the past year: not only has the Covid-19 pandemic forced most meetings and events online for safety, but now the deadline for compliance with the Protection of Personal Information Act (PoPIA) raises questions about data protection within this new virtual environment.


Edison Mazibuko.

With PoPIA taking effect 1 July 2021, the organisers of virtual meetings and events have to be cognisant of these changes, which will have an impact similar to that experienced by the MICE sector elsewhere in the world when complying with protection of personal information regulations.

Addressing both situations at once can seem like a balancing act, but fortunately PoPIA, like other privacy legislation such as GDPR, is quite clear about the steps to be taken to remain compliant. To strive for compliance, key areas for focus in the MICE sector should include:

Appoint a data protection officer. This team member will serve as the bridge between business, IT and other stakeholders and be made accountable for compliance. Collaboration between business units is the key to success.

Review your technology vendors. As processors of the personal information gathered or stored by a MICE company, technology vendors should be properly certified and compliant, should encrypt all data and hold the necessary ISO certification.

Strengthen your organisation’s cybersecurity posture. A key measure to protect sensitive information is to ensure the systems and data are properly protected from theft, accidental exposure, or hardware and software damage.

Check your policies and procedures. With the deadline for PoPIA compliance upon us, all organisations should already have their policies and procedures in place. However, compliance is not a destination but a journey. To strive for compliance, organisations should maintain a robust information security programme, regularly test vulnerabilities and run ongoing staff training and awareness programmes. To ensure that only authorised staff and stakeholders access personal information, implement a Privileged Access Management (PAM) solution.

Review all documentation. All event registration forms and sponsor/exhibitor booking forms and all the processes for capturing and storing them should be reviewed to ensure they are PoPIA compliant.

Review your third-parties. Third-party suppliers and service providers who have access to event data must similarly be compliant with the act. MICE organisations need to verify that every company they work with currently and in future is PoPIA compliant.

Know your data. Whether a company is staging virtual or real-life events, their mailing lists, contact databases, supplier and sponsor directories and staff files must be properly secured, processed and managed only within the parameters of the act. Going forward, specific permission must be sought to gather personal information and the reasons it is being gathered must be specified. For most MICE companies, contact lists are re-used time and again for various events. Going forward, clear permission will have to be sought to retain contacts’ information and approach them for relevant events in future. Organisers must also make it easy for people to withdraw consent to use their information.

Some rules of thumb include collecting only the data you need. Periodically review the data, deleting anything you don’t need.

Consider how to approach the sales leads issue. A major reason many organisations sponsor events is to secure qualified sales leads. PoPIA compliance could impact this benefit. When registering attendees for an event, organisers will now have to give them the option to grant or deny permission for sponsors to contact them. However, the challenge of delivering value to sponsors could be overcome by changing the event model and ensuring that sponsors have greater opportunities to pitch their products during the event itself, for example.

Secure your virtual platforms. Online events early in the Covid-19 pandemic exposed a number of potential personal information risks, including the ability for outsiders to access private meetings and malicious players to scrape a wealth of personal information about participants. Virtual events should be staged only on reputable platforms, in which events can be locked to the general public and all participants accept that the event is being recorded. Event organisers should also ensure that their video conferencing equipment, software and connections are secure and patched. Protect the administrative accounts with appropriate passwords or a PAM solution.

The measures to be taken may seem onerous at first, but once the right tools, policies and procedures are in place, data protection practices can be instilled into the company culture and become second nature for safe and secure events.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The TCO of cloud surveillance
DeepAlert Verifier Technews Publishing Surveillance Infrastructure
SMART Security Solutions asked two successful, home-grown cloud surveillance operators for their take on the benefits of cloud surveillance to the local market. Does cloud do everything, or are there areas where onsite solutions are preferable?

Read more...
Navigating South Africa's cybersecurity regulations
Sophos Information Security Infrastructure
[Sponsored] Data privacy and compliance are not just buzzwords; they are essential components of a robust cybersecurity strategy that cannot be ignored. Understanding and adhering to local data protection laws and regulations becomes paramount.

Read more...
Creating a cybersecurity strategy in a world where threats never sleep
Information Security Infrastructure
[Sponsored Content] The boom of Internet of Things (IoT) technology and the chaos that surrounded the sudden shift to work-from-home models in 2020 kick-started the age of cybercrime. In that period, incidents rose by 600%, affecting every industry and showing no signs of slowing down.

Read more...
Gallagher Security’s achieves SOC2 Type 2 recertification
Gallagher News & Events Integrated Solutions Infrastructure
Gallagher has achieved System and Organization Controls (SOC2 Type 2) recertification after a fresh audit of the cloud-hosted services of its integrated security solution, Command Centre. The recertification was achieved on 21 December 2023.

Read more...
Cyberattacks the #1 cause of business outages
Editor's Choice Information Security Infrastructure
The latest survey by Veeam Software shows that 92% of organizations will increase their spending on data protection by 2024 to achieve cyber resilience due to continued threats of ransomware and cyberattacks.

Read more...
Nology races to end 2023
Editor's Choice News & Events Infrastructure
Nology ended 2023 with an event highlighting its various products and services to the local market, followed by a few laps around the Kyalami Indoor Karting track.

Read more...
Cybersecurity integrated with data protection
Technews Publishing News & Events Infrastructure
Last year's VeeamOn Tour conference in South Africa was a smaller version of the annual global Veeam conference, aimed at the company's regional partners and customers.

Read more...
All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Read more...
Majority of South African companies concerned about cloud security
Information Security Infrastructure
Global and local businesses share a common concern when it comes to cloud security. 95% of global businesses and 89% of local businesses are concerned about the security of public clouds.

Read more...
Consolidated cybersecurity management
Technews Publishing Editor's Choice Information Security Infrastructure
SMART Security Solutions spoke to Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, to find out what makes Trend stand out from the crowd and also its latest market offerings.

Read more...