Keeping MICE safe and compliant in a new environment

Issue 3 2021 Commercial (Industry), IT infrastructure

The meetings, incentives, conferences and exhibitions (MICE) sector has been challenged with massive change over the past year: not only has the Covid-19 pandemic forced most meetings and events online for safety, but now the deadline for compliance with the Protection of Personal Information Act (PoPIA) raises questions about data protection within this new virtual environment.

Edison Mazibuko.

With PoPIA taking effect 1 July 2021, the organisers of virtual meetings and events have to be cognisant of these changes, which will have an impact similar to that experienced by the MICE sector elsewhere in the world when complying with protection of personal information regulations.

Addressing both situations at once can seem like a balancing act, but fortunately PoPIA, like other privacy legislation such as GDPR, is quite clear about the steps to be taken to remain compliant. To strive for compliance, key areas for focus in the MICE sector should include:

Appoint a data protection officer. This team member will serve as the bridge between business, IT and other stakeholders and be made accountable for compliance. Collaboration between business units is the key to success.

Review your technology vendors. As processors of the personal information gathered or stored by a MICE company, technology vendors should be properly certified and compliant, should encrypt all data and hold the necessary ISO certification.

Strengthen your organisation’s cybersecurity posture. A key measure to protect sensitive information is to ensure the systems and data are properly protected from theft, accidental exposure, or hardware and software damage.

Check your policies and procedures. With the deadline for PoPIA compliance upon us, all organisations should already have their policies and procedures in place. However, compliance is not a destination but a journey. To strive for compliance, organisations should maintain a robust information security programme, regularly test vulnerabilities and run ongoing staff training and awareness programmes. To ensure that only authorised staff and stakeholders access personal information, implement a Privileged Access Management (PAM) solution.

Review all documentation. All event registration forms and sponsor/exhibitor booking forms and all the processes for capturing and storing them should be reviewed to ensure they are PoPIA compliant.

Review your third-parties. Third-party suppliers and service providers who have access to event data must similarly be compliant with the act. MICE organisations need to verify that every company they work with currently and in future is PoPIA compliant.

Know your data. Whether a company is staging virtual or real-life events, their mailing lists, contact databases, supplier and sponsor directories and staff files must be properly secured, processed and managed only within the parameters of the act. Going forward, specific permission must be sought to gather personal information and the reasons it is being gathered must be specified. For most MICE companies, contact lists are re-used time and again for various events. Going forward, clear permission will have to be sought to retain contacts’ information and approach them for relevant events in future. Organisers must also make it easy for people to withdraw consent to use their information.

Some rules of thumb include collecting only the data you need. Periodically review the data, deleting anything you don’t need.

Consider how to approach the sales leads issue. A major reason many organisations sponsor events is to secure qualified sales leads. PoPIA compliance could impact this benefit. When registering attendees for an event, organisers will now have to give them the option to grant or deny permission for sponsors to contact them. However, the challenge of delivering value to sponsors could be overcome by changing the event model and ensuring that sponsors have greater opportunities to pitch their products during the event itself, for example.

Secure your virtual platforms. Online events early in the Covid-19 pandemic exposed a number of potential personal information risks, including the ability for outsiders to access private meetings and malicious players to scrape a wealth of personal information about participants. Virtual events should be staged only on reputable platforms, in which events can be locked to the general public and all participants accept that the event is being recorded. Event organisers should also ensure that their video conferencing equipment, software and connections are secure and patched. Protect the administrative accounts with appropriate passwords or a PAM solution.

The measures to be taken may seem onerous at first, but once the right tools, policies and procedures are in place, data protection practices can be instilled into the company culture and become second nature for safe and secure events.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cyber resilience is more than cybersecurity
Technews Publishing Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Revamping Liberty Life’s reception area
Turnstar Systems Access Control & Identity Management Commercial (Industry)
Turnstar supplied and installed four Speedgate Express lanes, each 550 mm wide, as well as two Pulse Special Needs Gates for wheelchair access to Liberty Life.

Reliable, low-maintenance video appliances
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring News IT infrastructure Products
Symetrix, part of the Agera Group, has added the AES range of video recording servers, storage appliances and workstations to its portfolio.

Cold chain integrity in real time
Technews Publishing Editor's Choice Asset Management, EAS, RFID IT infrastructure Transport (Industry) Logistics (Industry)
DeltaTrak offers real-time farm-to-fork IoT monitoring of the cold chain to ensure every step of the journey is recorded and verifiable via the cloud.

BCX and Alibaba Cloud confirm partnership
News IT infrastructure
BCX and Alibaba Cloud have formed a partnership to bring cloud technologies to businesses in South Africa to drive local digitalisation.

IoV – the cutting edge of vehicle automation
Integrated Solutions IT infrastructure Transport (Industry) Logistics (Industry)
Today’s cars have become bona fide connected machines and not merely an extension of our mobile devices such as smartphones.

Advanced technologies to curb corruption
News Cyber Security IT infrastructure
The use of advanced technology to curb fraud, corruption and cyber-related crimes received a massive boost as the Council for Scientific and Industrial Research (CSIR) and Special Investigation Unit (SIU) agreed to work together.

The current and future state of smart OT security
Technews Publishing Industrial (Industry) Cyber Security IT infrastructure
Nearly 60% of survey respondents also revealed that their organisation suffered at least one OT breach during the past 12 months, with 10% experiencing four or more.

Automation made easy
Vox Products IT infrastructure Residential Estate (Industry)
Vox Sixth Sense IoT features battery-operated sensors that are easy to install and connect automatically to an IoT-specific network, allowing you to view the information gathered from any connected device via an app.

Reliable connectivity remains key for mining
Mining (Industry) IT infrastructure
Improving operations empowers the mining industry to be more efficient and productive, and it also makes it safer, more cost-effective and more sustainable.