For access to our up-to-the minute articles and know-how knowledge
we invite you to join our community. It's free and you will access more than is available to non-members.
So what is a serious breach? The ICO (Information Commissioners Office) helpfully shares some examples.
Having studied their examples, it is clear that those that work within event management could easily be involved in a `serious’ breach even if by accident. An unintentional breach or failure through lack of knowledge or understanding would not be considered a mitigating circumstance.
Three examples of a `serious breach’:
If any of these losses could cause distress or substantial damage to the individuals concerned, it is likely that the individual responsible for the loss and their employer will be in considerable trouble.
The loss of a job. Agency event managers, in particular, deal with many temporary employees and are often asked for references for future employment. Individual Account handlers have been known to provide references themselves as a favour either to the ex-employee or the new employer, rather than pass the request to an appropriate Company Director. That information can be inaccurate, misleading or in some cases inflammatory. Unless you have issued instructions to the contrary, don’t assume those of your employees responsible for recruiting others won’t be tempted to respond to personal information requests if they deem it pertinent to their job role.
Loss of personal date. Event managers regularly transport and despatch personal data outside of the office. Delegate lists for accommodation or travel. Home addresses for joining instructions. ICE details for emergency planning. This information is often also integrated into the event documentation and carried electronically and in paper format to meetings and to the event itself.
The chaotic nature of events, particularly during set-up and breakdown can mean laptops and files left unattended or unprotected. This may not be a purposeful action but that matters not. If that data goes missing and it has not been adequately protected, it may be perceived as a ‘serious breach’.
Loss of sensitive personal data. The Disability Discrimination Act means that event organisers must seek information regarding `special needs’ from their invited delegates and this can sometimes mean personal medical and sensitve information is supplied. When provided, this information needs to be retained until the required action or steps have been taken to accomodate the delegate. You should be absolutely clear as to how this information is subsequently managed. You should also be very clear in how it should be destroyed once your event is completed. In this case this information would most definitely be considered sensitive personal data and it should be adequately protected.
Remember: individuals as well as businesses can be prosecuted for a failure to protect personal data.
We call it the Knowledge Audit. Critical must-know information when planning and managing events. A training course. An assessment tool. A knowledge audit. If you're not sure what you don't know then this will probably be the best training investment you have ever made. Priced from £25. Find out more »
The Equality Act 2010 was launched in October. It pulls together historical pieces of legislation and puts them all under one umbrella. It is about equality and discrimination and how to assess, plan, manage and control these issues.
To read more about this Act, keep signing into Relevant Risk or visit the Government Equality Office.
If you handle hundreds of events every year and employ numerous agencies, either under contract or ad-hoc, it may be time to undertake a risk review with your suppliers.
Responsibility and liability is often shared and certainly cannot be transferred - even by contract - particularly if the matter falls under criminal law.
Your suppliers. Your duty of care.