Flock recently had the pleasure of working with Andrew Henwood who is the director of Blck Rhino. Blck Rhino specialises in Cyber Security and data protection. His team has helped FLOCK in setting up the correct protocols for any cyber threats and assisted us in being compliant with POPIA.
Due to the growing concerns of these topics in any business, we asked Andrew to share his thoughts around how businesses can mitigate their risks and be compliant.
Security and Data Protection
Why should event planners prioritise security and data protection?
According to Henwood, information security should be an imperative consideration for all business processes and functions especially for events that collect sensitive data like ID, Passport numbers, address etc. This is to ascertain the potential impact on any event and to understand any unknown risks. This aids in helping to develop solutions to mitigate any of these potential risks.
Event Design, Form, and Function
Taking this into account, event planners should ensure that any sensitive data is protected as part of their overall proposition and forming an integral part of design, form and function.
In addition, Andrew confirmed that careful consideration should be taken to block “digital gate-crashers” or potential “disruptors” to an event.
To deliver a successful event, a mature technology partner and fit-for-purpose event platform should be sourced to mitigate the majority of risks surrounding cyber security.
A cyber-attack simulation or role-playing desktop exercise should be considered for high-profile and sensitive events. These are the proverbial “fire-drills” that assist in forward planning and will ensure the team and partners are well prepared for potential incidents. This proactive thinking will warrant a well-thought-out response plan is developed to minimise impact and ensure all parties are suitably prepared to respond.
A Guide to POPI Compliance
“The POPI Act (POPIA) fundamentally aims to protect the misuse of personal information. It
sets out the minimum standards regarding accessing and ‘processing’ of any personal information belonging to another. POPIA defines ‘processing’ as collecting, receiving, recording, organizing, retrieving, or the use, distribution and sharing of any such personal information.” explains Andrew.
In order to be compliant with POPIA, an organisation must ensure that they fully understand their responsibilities and have taken action to securely handle an individual’s information. There are many routes to compliance but they all work towards ensuring proper protection of an individual’s personal information.
Andrew elaborates on why events need to be POPI complaint. “Events typically capture a significant amount of personal information. This means that the appropriate legal and compliant steps should be taken in safeguarding and protecting this personal information.
To become POPI compliant, event managers need to perform a review at an early stage, to ascertain what personal information will be captured, stored and processed. Then they will need to determine appropriate handling procedures for that data and understand the flow of this personal information around their systems. Any third parties need to be accessed if they will handle this personal data and measures need to be put into place to ensure that they also comply. This process forms the building blocks for running an event in compliance with POPIA.
Andrew warns that the maximum fines and penalties due to non-compliance of the POPI Act are R10m and/or 10 years imprisonment for business owners and individuals. “It should be stressed that this is the maximum penalty and would only be imposed in extreme circumstances.” Additionally, non-compliance penalties would typically be imposed when things go wrong and/or there is evidence of misuse of personal information. Businesses must take appropriate steps to ensure they are working towards POPI compliance as this is now a legal requirement.
Henwood’s extensive knowledge brings to light how important it is to have event security measures and POPIA compliance under control. Luckily, we can help you to implement all of these features at your next event. Book a demo with us today, sit back and relax knowing that your guests’ safety is our top priority.