Event Registration: Data Breaches
I spend my days talking and working with some of the biggest and hottest tech companies on the planet. It’s a huge privilege for me. When they hire our team to help them execute an event, we take that stewardship seriously and see it as our responsibility to represent their company as they would, in every situation. Part of that stewardship is over data that we collect through event registrations, and how we approach the care of that data is just as important as how we talk to attendees, work with sponsors or perform on any other part of the event. Unfortunately, I see many events that unknowingly utilize registration systems that abuse their stewardship and give up that data to third parties. This is unacceptable.
Let me explain how this works. Some registration systems provide registration data they collect to third parties. They openly admit to doing so in their terms and conditions or privacy statements. However, they try to make it seem innocent enough by saying that the data is “anonymized” and/or they only provide non-private data, etc. Let me just make it clear that if you believe this means you are not giving up personal data of your attendees, you are being fooled.
What happens is that they do indeed share “non-private” data or “non-personalized” data, but that data is anything but non-personal once a third party company has it. For instance, one popular registration company shares to a third party data provider who,
“provides identity resolution for all of the disparate pieces of public contact information out there on the web. We do this by aggregating billions of contact records, all with numerous attributes, including quality, freshness and frequency. Our patent pending algorithms process all of this data and automatically produce clean, accurate full contact records. As a final step, we then check each data element to make sure that it’s publicly available before providing it to our customers.”
So, not so anonymized once the third party gets it. they take this non-personal information and quickly turn it into personal data. So while you may not provide their email or name — they already have that, and simply append more meta data that you provided to enhance the data about that individual. That data is then more valuable to sell and use by other companies to sell and market to your customers — to your attendees.
Yes, perhaps legally, they are not providing your personal data. But this is indeed a data breach and violates the trust your attendees give you to keep their data private.
In my opinion, this type of sharing of data should not be allowed without explicit permission from the attendee themselves, not just through a signed agreement on the registration system. And, in my opinion, this practice also breaks some company privacy policies, which could become a much larger issue.
There is a whole industry built on this service — to de-anonymize data. They, “ …take lots of data points and utilize algorithms to logically build clean, accurate…contact records”. It is a growing part of marketing technology that you need to be aware of.
So consider this carefully. When you sign up for a registration system for your events or for your clients, please make sure you are very aware of how that data will be handled once it is collected.
If you would like to discuss this issue in detail, want to know which systems do this, and learn of alternatives, we would be glad to talk. EEG’s Event360 event platform shares no data with third parties and treats your data as your legal and IT departments would.