Safeguarding Personal Data: Highlights for the Trade Show Industry

April 4, 2019

Chris Eisenberg

In addition to his duties as Executive Vice President of Sales & Business Development, Chris Eisenberg serves as Bartizan Connects’ in-house attorney specializing in Data Compliance. Chris advises companies on how to navigate the new data protection and privacy laws to ensure that they are compliant. 

As most of you know, the safeguarding of personal data or as the GDPR calls it, personally identifiable information (PII), is a hot topic in the trade show industry.

This started with the EU’s General Data Protection Regulation (GDPR) that became EU law on May 25, 2018, and continues with the enactment of several state laws, most notably the California Consumer Privacy Act (CCPA), which will become effective on January 1.

First, a quick look back at the GDPR

The GDPR covers all companies worldwide that work with the personally identifiable information of anyone residing in the EU, either permanently or temporarily. The GDPR can be broken down into two main categories: Privacy and Data Protection.

In regard to privacy, an organization must have a lawful basis for processing an individual’s data. For the purposes of the trade show industry, we’ll stick to consent. The GDPR states that the consent must be explicit for both the data being collected and the purposes the data will be used for. The GDPR is an OPT-IN regulation. The individual/attendee must OPT-IN to both the data being collected and the purposes the data is used for.

In regard to data protection/security, the GDPR speaks of data protection by design and default. Data protection should be designed into the business process or app so that the data protection is there by default. 

The specifics in regard to data protection are more open-ended. I find Article 32 of the GDPR very important. It states, in part: “The controller and the processor must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.” So, the level of security of PII that contains an SSN or credit card numbers would be greater than PII that just contains name, email address and phone number.

California Consumer Privacy Act

The California Consumer Privacy Act was signed into law in 2018 as a compromise to prevent a more stringent data privacy proposition to be put on the California ballots in the 2018 election. The CCPA applies to for-profit entities that fall under one of the following criteria: 

(a) The business generates annual gross revenue of over $25 million.

(b) The business must receive or share the personal information of more than 50,000 California residents annually.

(c) The business must derive more than 50 percent of its revenue by selling the personal information of California consumers (residents).

The CCPA only protects California residents, unlike the GDPR, which protects anyone in the EU, not just residents. The CCPA allows residents certain rights in regard to the collection of their personal data. 

Highlights from the CCPA:

  1. California Consumers have the right to know what personal data is being collected and to know the categories of the sources of this information.
  2. California Consumers have the right to know the purposes for which the personal information is being collected, used or sold and the categories of third-parties to whom it is being sold.
  3. California Consumers have the right to request the deletion of their personal information.
  4. California Consumers have the right to opt out of their personal data being sold. This right to opt out must be a simple easy and straightforward process for the consumer.
  5. California businesses can not discriminate against any consumers who exercise their rights under the CCPA.

Other States Have Jumped Into the Fray: 

  • Ohio passed the Ohio Data Protection Act which became effective on November 2, 2018. Ohio’s law provides a “safe harbor” (i.e., an affirmative defense) for organizations which meet the laws cybersecurity standards. To qualify for the safe harbor, a business must “create, maintain and comply with a written cybersecurity program” that “reasonably conforms” to one of several industry-recognized cybersecurity frameworks.
  • Alabama passed its first data notification on June 1, 2018.
  • Arizona updated its breach notification law to expand the definition of personal information on April 11, 2018.
  • As of September 1, 2018, Colorado now requires businesses to be accountable for protecting personal information.
  • Iowa passed a law, effective July 1, 2018, that regulates online services and mobile apps for minors.
  • Louisiana, as of July 1, 2018, amended its data breach laws.
  • Nebraska, as of July 18, 2018, passed a law requiring businesses to maintain reasonable security practices.
  • As of June 2, 2018, Oregon strengthened its data breach notification rules.
  • South Dakota, as of July 1, 2018, has enacted its first data breach notification law.
  • Vermont passed a law, which went into effect this past January 1, that regulates data brokers.

Conclusion

Though it would be very helpful to have a national law covering data privacy and data protection, experts believe that will not happen any time soon, so best practices dictate keeping an eye on what all 50 states are doing in order to remain compliant.

The good news, however, is the strict requirements of the GDPR and the CCPA is likely to mean that compliance with these two statutes will mean that your organization is compliant with the rest of the country.

 

Don’t miss any event-related news: Sign up for our weekly e-newsletter HEREand engage with us on TwitterFacebookLinkedInand Instagram!

Add new comment

Partner Voices
Overview: The award-winning Orange County Convention Center (OCCC) goes the extra mile to make every day extraordinary by offering customer service excellence and industry-leading partnerships. From their dedicated in-house Rigging team to their robust Exhibitor Services, The Center of Hospitality brings your imagination to life by helping you host unforgettable meetings and events. With more than 2 million square feet of exhibit space, world-class services and a dream destination, we are committed to making even the most ambitious conventions a reality. In October 2023, the Orange County Board of County Commissioners voted to approve allocating Tourist Development Tax funding for the $560 million Phase 5A completion of the OCCC. The Convention Way Grand Concourse project will include enhancements to the North-South Building, featuring an additional 60,000 square feet of meeting space, an 80,000- square-foot ballroom and new entry to the North-South Building along Convention Way. “We are thrilled to begin work on completing our North-South Building which will allow us to meet the growing needs of our clients,” said OCCC Executive Director Mark Tester. “As an economic driver for the community, this project will provide the Center with connectivity and meeting space to host more events and continue to infuse the local economy with new money and expanding business opportunities.” Amenities: The Center of Hospitality goes above and beyond by offering world-class customer service and industry-leading partnerships. From the largest convention center Wi-Fi network to custom LAN/WAN design, the Center takes pride in enhancing exhibitor and customer experience.  The OCCC is the exclusive provider of electricity (24-hour power at no additional cost), aerial rigging and lighting, water, natural gas and propane, compressed air, and cable TV services. Convenience The Center is at the epicenter of the destination, with an abundance of hotels, restaurants, and attractions within walking distance. Pedestrian bridges connect both buildings to more than 5,200 rooms and is within a 15-minute drive from the Orlando International Airport. The convenience of the location goes hand-in-hand with top notch service to help meet an event’s every need. Gold Key Members The OCCC’s Gold Key Members represent the best of the best when it comes to exceptional service and exclusive benefits for clients, exhibitors and guests. The Center’s Gold Key memberships with Universal Orlando Resort, SeaWorld Orlando and Walt Disney World greatly enhance meeting planner and attendee experiences offering world-renowned venues, immersive experiences and creative resources for their events. OCCC Events: This fiscal year, the OCCC is projected to host 168 events, 1.7 million attendees, and $2.9 billion in economic impact.  The Center’s top five events during their 2022-2023 fiscal year included:  AAU Jr. National Volleyball Championships 2023 200,000 Attendees $257 Million in Economic Impact MEGACON 2023 160,000 Attendees $205 Million in Economic Impact Open Championship Series 2023 69,500 Attendees $89 Million in Economic Impact Sunshine Classic 2023 42,000 Attendees $54 Million in Economic Impact Premiere Orlando 2023 42,000 Attendees $108 Million in Economic Impact