No one wants to see a headline in the daily news that features their event’s name and the words “data breach,” but with today’s increasingly bold—and, unfortunately, clever—hackers, it could happen. Here are three ways you can, and should, be addressing cybersecurity in your supplier contracts, according to Joshua Grimes, Esq., a meetings industry attorney with Grimes Law Offices.
1. Require that the venue or other internet supplier take measures to keep the network secure. From ensuring that no one can set up a ghost network to steal your data to agreeing to require that the venue runs anti-virus programs on the business center computers, put your data security requirements in your contract.
Grimes says he recently was unable to print a document on a hotel business center computer because, for the hotel’s security, the computer didn’t have a USB port he could plug his thumb drive into. Staff told him to email the document to himself and print it out from there, but since they couldn’t guarantee that his data would be secure on their business center computer, he couldn’t do that either. “That’s an issue to deal with as part of a meeting contract—if they won’t warrant to me that their business center computer is secure and safe from hacking, then everyone’s personal information could be exposed,” he says.
2. Require third-party planners, venues, and other suppliers to warrant that their protocols for protecting individual privacy data meet the standards of the European Union’s General Data Protection Regulation, as well as privacy rules from other countries. Both planners and suppliers need to be careful that they know exactly what those regulations are, and how their systems are in compliance, he says. “If you or your suppliers can’t meet those requirements, it will come back against the planner, the venue, or the tech company that supplies the internet,” says Grimes.
3. Require the venue to warrant that it won’t use any of your group’s personal information for any reason other than what is specifically authorized by the individual or the group. “A meeting organizer may say, ‘We don’t want you to use our participants’ information for your marketing purposes, or for other reasons we don’t authorize.’ The hotel might come back with, ‘What if we ask at the front desk if it’s OK for them to receive information from us?’ That’s OK, but only if the guest consents.”
While it’s not necessarily a cybersecurity matter, another Internet best practice is to ask properties or other Internet suppliers to warrant that you’ll get a certain Wi-Fi speed, and if you don’t, what the financial consequence would be, says Grimes. “When you’re doing the contract several years in advance, you may not know what the state-of-the-art speed will be at that time, but that doesn’t mean you shouldn’t address it. Put it in the contract that the hotel or tech supplier warrants that the speed will be comparable to the highest commercial speed they offer at the time of the meeting, and if they fail to provide it, you get a discount.”