Keeping MICE safe and compliant in a new environment

Issue 3 2021 Commercial (Industry), IT infrastructure

The meetings, incentives, conferences and exhibitions (MICE) sector has been challenged with massive change over the past year: not only has the Covid-19 pandemic forced most meetings and events online for safety, but now the deadline for compliance with the Protection of Personal Information Act (PoPIA) raises questions about data protection within this new virtual environment.

Edison Mazibuko.

With PoPIA taking effect 1 July 2021, the organisers of virtual meetings and events have to be cognisant of these changes, which will have an impact similar to that experienced by the MICE sector elsewhere in the world when complying with protection of personal information regulations.

Addressing both situations at once can seem like a balancing act, but fortunately PoPIA, like other privacy legislation such as GDPR, is quite clear about the steps to be taken to remain compliant. To strive for compliance, key areas for focus in the MICE sector should include:

Appoint a data protection officer. This team member will serve as the bridge between business, IT and other stakeholders and be made accountable for compliance. Collaboration between business units is the key to success.

Review your technology vendors. As processors of the personal information gathered or stored by a MICE company, technology vendors should be properly certified and compliant, should encrypt all data and hold the necessary ISO certification.

Strengthen your organisation’s cybersecurity posture. A key measure to protect sensitive information is to ensure the systems and data are properly protected from theft, accidental exposure, or hardware and software damage.

Check your policies and procedures. With the deadline for PoPIA compliance upon us, all organisations should already have their policies and procedures in place. However, compliance is not a destination but a journey. To strive for compliance, organisations should maintain a robust information security programme, regularly test vulnerabilities and run ongoing staff training and awareness programmes. To ensure that only authorised staff and stakeholders access personal information, implement a Privileged Access Management (PAM) solution.

Review all documentation. All event registration forms and sponsor/exhibitor booking forms and all the processes for capturing and storing them should be reviewed to ensure they are PoPIA compliant.

Review your third-parties. Third-party suppliers and service providers who have access to event data must similarly be compliant with the act. MICE organisations need to verify that every company they work with currently and in future is PoPIA compliant.

Know your data. Whether a company is staging virtual or real-life events, their mailing lists, contact databases, supplier and sponsor directories and staff files must be properly secured, processed and managed only within the parameters of the act. Going forward, specific permission must be sought to gather personal information and the reasons it is being gathered must be specified. For most MICE companies, contact lists are re-used time and again for various events. Going forward, clear permission will have to be sought to retain contacts’ information and approach them for relevant events in future. Organisers must also make it easy for people to withdraw consent to use their information.

Some rules of thumb include collecting only the data you need. Periodically review the data, deleting anything you don’t need.

Consider how to approach the sales leads issue. A major reason many organisations sponsor events is to secure qualified sales leads. PoPIA compliance could impact this benefit. When registering attendees for an event, organisers will now have to give them the option to grant or deny permission for sponsors to contact them. However, the challenge of delivering value to sponsors could be overcome by changing the event model and ensuring that sponsors have greater opportunities to pitch their products during the event itself, for example.

Secure your virtual platforms. Online events early in the Covid-19 pandemic exposed a number of potential personal information risks, including the ability for outsiders to access private meetings and malicious players to scrape a wealth of personal information about participants. Virtual events should be staged only on reputable platforms, in which events can be locked to the general public and all participants accept that the event is being recorded. Event organisers should also ensure that their video conferencing equipment, software and connections are secure and patched. Protect the administrative accounts with appropriate passwords or a PAM solution.

The measures to be taken may seem onerous at first, but once the right tools, policies and procedures are in place, data protection practices can be instilled into the company culture and become second nature for safe and secure events.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cyber resilience is more than cybersecurity
Technews Publishing Editor's Choice Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Keeping devices in check
Cyber Security Asset Management, EAS, RFID IT infrastructure
Kaspersky patents new technology for analysing relationships between electronic devices to counter cyberattacks launched through connected IoT devices.

Considering cloud downtime insurance?
Arcserve Southern Africa Cyber Security IT infrastructure Security Services & Risk Management
Byron Horn-Botha, business unit head, Arcserve Southern Africa, reveals three vital steps that you must consider to ensure business continuity before you buy insurance.

A robust OT cybersecurity strategy
Editor's Choice Cyber Security IT infrastructure Industrial (Industry)
Cyber experts are still struggling to convince senior management to spend money to protect their control system assets, resulting in a lack of even basic measures to protect control systems.

IT security at the core of smart cities
Cyber Security IT infrastructure Government and Parastatal (Industry)
The success of service delivery and public access to universal Wi-Fi, home automation and smart sensors is based on increased IT security.

The next generation of Point of Sale
Commercial (Industry) Security Services & Risk Management Products
New digital point-of-sale (POS) platforms are gaining traction, which means payment providers and investors should take note.

Cloud can cut your security risks
Cyber Security IT infrastructure
Todd Schoeman, BT client business director in South Africa, explores the ways that organisations can reduce security risk by using the cloud.

Vehicle entrance control
ZKTeco Access Control & Identity Management Commercial (Industry)
Secure your premises and control who enters with access control systems from ZKTeco. The company offers various types of entrance control terminals for pedestrians and vehicles.

New R2 billion Pick n Pay super distribution centre
Flow Systems Access Control & Identity Management Products Commercial (Industry)
Flow Systems Manufacturers was selected to be part of the security infrastructure at the new Pick n Pay inland distribution centre, which covers an area of 36 ha.

Post-pandemic access control features
Paxton Access Control & Identity Management Products Commercial (Industry)
Access control features introduced at the height of the pandemic are still useful as effective, integrated entrance control mechanisms today.