Attendee Privacy

Are new meeting technologies tapping too much personal information?

Tracking Technologies
Here are some of the latest technologies used to track and analyze attendee behavior. It's best to speak with the supplier and an attorney to determine what needs to be disclosed to attendees and how to secure data gathered before implementing usage of these tools.

Badge Scanners
Lead-retrieval systems allow exhibitors to capture information, via handheld scanners using near-field communication or bar-code technology, when attendees visit a booth. Most systems require an attendee to volunteer to be scanned, as badges must be held up close to the scanner for data to be transferred. "We might disclose that if attendees allow their badges to be scanned, they are essentially sharing the information embedded in that badge, but that's pretty much a given," says Christine O'Connell, founder and president of Danvers, Mass.-based Conventus Media. "Swiping your badge is like handing over your business card to someone."

Long-range Radio Frequency Identification systems can track attendee badges embedded with a tag that contains anonymous electronic product codes (EPCs) from up to 14 feet away. At present, this technology is mainly used for session attendance tracking. While an EPC does not contain any personal attendee data, it could be linked to a badge number and thus an individual attendee, if desired. Reed Exhibitions embeds RFID technology in tickets for New York Comic Con to give organizers a few logistical advantages. "Due to the tremendous popularity of Comic Con, we need to have a very clear understanding of how many people are in the building at the same time to ensure safety," says Randy Field, vice president of operations technology with Reed Exhibitions. The embedded RFID chip also is necessary to gain access to the show, minimizing the ability to counterfeit tickets.

Video Surveillance
Using video cameras to visually analyze attendee behavior is a service offered by organizations such as Ethnometrics. According to sources, as long as attendees are not identifiable in the video, planners should not worry about privacy concerns. However, show organizers should speak with suppliers about their techniques, where the video files are stored and how they are eventually destroyed.

Cell Phones
Companies like Sherpa Solutions are developing technologies that can track mobile-device Wi-Fi signatures. According to Reed's Randy Field, these devices track "media access control" (MAC) addresses that are assigned to a device. MAC addresses do not contain any identification or data themselves, says Field. "They are completely anonymous, unique IDs that have zero information on a customer tied to them."

Floor Mats
Floor-sensing technologies that allow planners to detect where attendees move around the floor and how long they stay in a certain area, like those developed by Milwaukee-based Scanalytics, shouldn't raise concern, says Terrence Canela, general counsel for the American Institute of Architects. "If they're literally just tracking footsteps or weight, you're probably fine," he says, comparing them to the old fashioned metal turnstiles used simply to count how many bodies entered or exited a venue. - M.C.L.

Where does tracking attendee behavior at trade shows cross the line and become an invasion of privacy? That's a question groups like the American Chemical Society have long considered, notes Alan Hutchins, the organization's director of meetings and operations. "The ACS Meetings & Exposition committees said no to badge scanners, because our attendees would prefer they not be tracked," he says. "Chemists are very private people." Instead of gathering hard data about which sessions are more popular than others, "the ACS continues to do manual estimates of attendees," according to Hutchins. "Our volunteers make an estimate of how many people are in the room and use those numbers to plan for next year."

While the extent of its resistance might be unusual, the ACS certainly is not alone with respect to concern about attendee privacy -- especially in light of new technologies that allow planners to track people as they move around a conference or trade show floor (see related article, "Tracking Your Trade Show."). For planners, that ability and the data it generates can be of great value when selling exhibit space or sponsorships, improving future programming or laying out a show floor. Some attendees, however, might see it as Big Brother.

The truth is, much of this electronic scrutiny isn't concerned with collecting information on individuals (see sidebar, "Tracking Technologies," left), and when it does focus on specific behaviors, the resulting data isn't used to create personal dossiers. "The information is collected to understand your membership or attendees a little bit better," explains Jason Paganessi, vice president of business innovation for the Chicago-based Professional Convention Management Association. "If the information is shared, it is shared in aggregate. You're looking at general figures or percentages; you're not giving out personal identifiable information." Even when attendees are scanned or tracked to gauge session attendance, adds Paganessi, show organizers aren't examining that data on an attendee level. "You can't possibly analyze that much data on an individual basis and be able to make any type of decision from that; it has to be based on an aggregate."

But as technology moves forward and the thirst for data grows, where is the line drawn?

Candid cameras, candid disclosure
Terrence Canela, general counsel with the American Institute of Architects, notes that laws relating to personal privacy in public spaces that were hashed out decades ago are not clearly defined, especially when it comes to today's high-tech capabilities. "Twenty years from now it probably will be standard to track all of this data," he says. "But because a lot of the technology is so new, you need to tread carefully." His first bit of advice is to always seek local legal counsel, as privacy laws can vary from state to state.

By definition, privacy laws hinge on "whether there's an intrusion into an area that a reasonable person would think is private," says Canela. "The key word there is reasonable, which is really vague."

When it comes to devices like electronically enhanced turnstiles and floor mats, which can track how many people enter a venue and where they go once there, Canela finds little cause for legal concern because attendee identities are not captured.

Even video surveillance methods of tracking attendee behavior should be OK, "as long as the attendees remain unidentifiable," says Stuart Ingis, a leading attorney on privacy and a partner at Washington, D.C.-based Venable LLP.  

Planners should include information in registration forms noting what kind of data is being collected, via what methods, how it will be used and how it will be stored. Being transparent means running the risk of raising concerns from those under scrutiny, so planners need to weigh the benefits of data capture before investing in it, notes Ingis.

Paul McDonnough, vice president, conferences and events, for the Direct Marketing Association, uses badge scanners during his annual conference (set for this Oct. 12-17 in Chicago) to track session popularity. "We tell our attendees exactly what we're doing and that we're doing it so we can continually evolve our content to match their needs," he says. "We're totally transparent about it, and we also give them an option to not participate. If they don't want their badge scanned, we don't make them."

Tips for Safe Data Storage
Consider the following guidelines for storing sensitive attendee data, courtesy of Debi Scholar, director of managed meetings strategies for New York City-based American Express Meetings & Events.

• Establish and maintain a security-awareness program. Management should communicate security policies and provide training on those policies to the workforce.

• Maintain an access-management program designed to guard against the unauthorized access, alteration or misuse of personal identifiable information.

• Ensure personal identifiable information is properly stored and then destroyed when it is no longer needed. This may entail the shredding of paper and erasing of electronic data.

• Avoid transferring attendee and/or meeting data to any other supplier without prior approval from your or your client's organization.

• Notify the organization within four hours of any security breach. - M.J.S.

Giving attendees the choice not to be tracked is key, says Ingis. Austin, Texas-based AllianceTech, which offers RFID technology to track session attendance and trace where people enter and exit a show floor, works with planners to set up signage around the conference and also offers a toll-free telephone number for wary attendees to call if they want more information or to opt out of the program. Opt-out areas are included on the registration form, too, so attendees can choose not to participate before they even get to the event.

"When we first started, we thought opt-out rates would be really high, but we've only seen about 1 or 2 percent of people opting out," says Roger Lewis, executive vice president of sales and marketing for AllianceTech. "We live in a generation where people are tracked all the time. As long as attendees feel educated about what the data is going to be used for, the opt-out rate stays very low."

Posting photos on social media
Planners or participants with smartphones now can take pictures of attendees and upload them to social media sites in an instant, for anyone with an Internet connection to see. Is that an invasion of privacy? Legal sources say its usually fine to post photos of large group settings or people from a distance during an event or conference.

One good practice is to include consent forms in registration materials and/or post signage around the conference alerting attendees that their photo could be taken and posted on a social media site or website, so they are aware. "I would put that statement right at the top of the registration page," advises Jonathan Howe, president and senior founding partner of Chicago-based Howe and Hutton and a contributing editor of M&C. "Have it state that their completion of this form gives you permission to take photos and use them."

Canela does take such precautions. "Do attendees have reasonable expectation of privacy at a 5,000-person reception? It depends, but probably not, especially if they appear in a photograph of a large group of people in a public space," he says. "Is someone going to sue you over that photo and win? It's unlikely, but having notices and prior consent to use photos will help your organization avoid unnecessary risk."

McDonnough places disclaimers on registration confirmation emails and in on-site show guides. "We let them know that pictures are being taken and used for purposes of marketing and communications," he says. "We've never had anyone have a problem with it."

When it comes to snapping photos of attendees close up or when they're the only person in the frame, "it may be best to let them know and give them the option to opt out before posting on social media or especially on the cover of a brochure," suggests Canela.

Keeping private data private
Three years ago, Carlson Wagonlit Travel Meetings & Events set out to achieve compliance with the ever-evolving security standards put forth by the credit card industry, known as PCI (payment card industry) compliance. While the effort originally focused on credit card security, says Richard Waits, manager of U.S. operations for CWT Meetings & Events, "we wound up expanding it to include passport and social security numbers, for times when we needed to collect and transmit this kind of information."

The project, which extends throughout all divisions of Carlson Wagonlit Travel, has been dubbed the Data Security Compliance Program -- and has enabled the company to make huge strides in creating and enforcing standards for how data is collected and stored, says Waits. "When we first started this process, we went through and looked at all of the places where we were gathering sensitive data, and where we were storing it," he says. "We found out where all of the potential holes were."

Waits isn't talking about gaping shortfalls in security waiting to be exploited by hackers; he's referring to vulnerabilities in the ways meeting planning companies have traditionally collected client information. For instance, he points to how credit card numbers typically have been communicated. "We would have our clients email or fax them to us," he notes, "or we would have them call us, and then we would write the number down. That number could then have been input and stored on a shared drive, to which many people had access; it could have been just left on an employee's desk. Or, if the numbers were being transmitted to us on an office fax machine, that information could just sit there where anyone might see it."

How Secure Is Your Meetings Tech Platform
How should planners assess the data security processes of event technology platforms? JR Sherman, senior vice president and general manager of the San Diego-based Active Network Business Solutions Group, notes these key considerations.

• PCI compliance. Different levels of compliance are identified by the payment card industry. The highest is Level 1; companies that achieve Level 1 compliance process more than six million Visa transactions per year, or have been determined by Visa to meet that level of volume. Unlike organizations with Levels 2, 3 or 4 certification, those with Level 1 compliance must maintain their certification by completing an ongoing series of steps -- including hiring a third-party assessor to certify compliance level. The other levels can perform self-

• User names and passwords. A technology platform should provide a configurable security policy for user names and passwords, and require passwords of at least eight to 12 characters, with a mix of upper- and lower-case letters, numbers and symbols. It should force password changes and not allow previous passwords, and set a maximum number of failed log-in attempts before the user account is locked.

• Server infrastructure. Power spikes or loss of power can easily take down servers. Look for a platform that stores its data in at least three secure data centers. Ideally, facilities should use enterprise-level hardware and be designed to provide a seamless failsafe backup plan when one server goes down. Inquire, too, about the people running the data centers, and whether there is a 24/7 command center.

• Configurable security options. Not everyone needs the same level of access to data. One planner might need to access information about all attendees, speakers, sponsors and exhibitors, while other team members need only data about certain participants.

• Ongoing attention. Ask if the technology supplier regularly tests security, communicates its security policy to all employees and performs background checks on anyone with access to the data. - M.J.S.

Today, the only way CWT M&E will collect sensitive information from clients -- be it credit card, passport, driver's license or social security number -- is over the phone. If the information is written on paper, that paper must be secured in a locked drawer or shredded once it is entered into a secure platform. The registration platform CWT uses is Active Network's StarCite, which is PCI compliant. Two different passwords are required to access sensitive data, and the system can be configured so that only the employees who require access to specific data are granted it.

Waits believes that soon every travel or meetings company that gathers and transmits personal data will have to develop similar safeguards, if they aren't doing so already -- and not necessarily because customers are demanding it or any breaches actually have occurred. "It's the payment card industry that is driving the change," he notes.

Storing and sharing information
Using a tested meetings management platform to store sensitive data is considered a best practice by American Express Meetings & Events, according to Debi Scholar, the company's director of managed meetings strategies. Consider, for example, what could occur if a planner's computer, complete with stored attendee information, was lost or stolen. "Based on the findings from the Risk Research Report that American Express released earlier this year, 20 percent of meeting planners never encrypt the data on their computers," Scholar points out. "This may be viewed as a risk exposure if personal identifiable information is included on the computer."

Such information might include not only credit card and passport numbers, but any details that uniquely identify a specific person, such as a home phone number or personal medical profile.

Likewise, planners must use caution when sharing sensitive data. "Meeting planners might want to consider using encryption technologies to send confidential information to suppliers when using email," Scholar suggests. "Planners should share the least amount of attendee information needed and discuss the security of the information with their suppliers."

At CWT M&E, planners use a web-based secure transfer system to export data to venues or other suppliers. "Each of our employees has an account within our secure transfer system," explains Richard Waits. "And there are specific rules and policies for the passcodes that must be used and how often they are changed," he adds. Planners upload an attendee spreadsheet, for example, into the secure transfer system, which then generates an email and unique password for the receiving party, which has to in turn log in to download the document. "That document will stay in the secure transfer for only seven days," says Waits, "and then it is automatically deleted."