Private Parts

The Best Western Greenwood Inn & Suites in Beaverton, OR, shuttered last December after a long run as a popular destination for both business and leisure travelers. Police say it probably wasn't too long after that when the local methamphetamine community discovered that several boxes had been left in the abandoned building. In all, 29 boxes remained, unattended, each full of old financial records, job applications, and guests' credit-card receipts (complete with full names, account numbers, and expiration dates) spanning the years 2002 to 2004. By July, police had filed identity-theft charges against two suspects. Although only one victim was named, authorities warned that the potential for additional victims was vast.

The story—chilling to anyone who's ever paid a hotel bill with a credit card—was just one drop in an ocean of headlines this summer about the mishandling or loss of sensitive financial data. In May, Bank of America announced that the account information of 670,000 customers was illegally sold to a cyber-crime ring in New Jersey. That same month, Time Warner reported that the personal information of 600,000 employees was missing. In June, Citibank revealed that UPS had lost a package containing the personal information of 3.9 million customers. July brought the unsettling Best Western incident out of Oregon around the same time that a London-based computer hacker announced that he had hacked through hotel room televisions to spy on other guests' computer usage, access the hotel's complete guest lists, and even manipulate other guests' bills. And in August, the United States military joined the fray when the Air Force admitted that a suspected hacker had compromised the personal information (including Social Security numbers) of some 33,000 officers and personnel.

Clearly, no organization—regardless of its size, sector, or prestige—is safe from data thieves. And this is particularly true in the meetings business. The very nature of the industry makes it an especially attractive target for data and identity thieves because meeting planners gather large numbers of people and collect all kinds of potentially sensitive data on them. Add new technologies, such as radio frequency identification and online registration, and the meetings industry is as vulnerable as—if not more than—any to this sort of crime.

"Data privacy is a legitimate issue that's very much on the table for meeting planners," says Fairfax, VA-based meeting planner Elizabeth Zielinski. "It's a hot topic in the news in general, and if it's on the radar screen of the attendees, we have to be ready to deal with it." Planners constantly handle potentially sensitive information, whether it's the personal information of their attendees or the content of the sessions they produce. But "as an industry, we're not looking at these issues enough," argues Washington D.C.-based meeting planner Joan Eisenstodt, who runs a series of educational sessions dealing with privacy issues. "I don't think there are any areas in which we're not vulnerable. Systems have proven very easy to hack into." Understanding the scope of a meeting planner's responsibility in protecting privacy has never been so important. And as it becomes increasingly critical—and difficult—to control information, privacy issues as they pertain to meetings remain maddeningly vague and, perhaps consequently, largely overlooked. "So few people in our industry have been putting an emphasis on this," says Kelly Franklin Bagnall, an attorney with Dallas-based Brown McCarroll LLP, who specializes in meetings law and who teaches privacy sessions with Eisenstodt. "Planners need to be proactive, not wait to have the bad experience first and then react."

Part of the problem stems from inconsistent expectations of privacy. "I do think there is some miscommunication about what is private information," says Bagnall. "What people perceive to be private information is in many cases not confidential and private information. For instance, you probably expect your credit-card information to be confidential, but you give it to people all the time. People have different expectations about the use of their personal information and how it is handled and destroyed." So, when it comes to handling attendee information, planners sometimes feel unsure of where their responsibilities begin and end.

Last year, when Anne S. Easterling, association manager for the Austin, TX-based National Organization for Human Service Education, was planning her annual conference in Houston, her host hotel notified her that anyone who entered the property could be subject to a complete background check, without advance notice. (The hotel was also the host hotel for any international dignitaries who might visit President Bush at his Crawford ranch.) "I wasn't sure if it was my obligation to share that information with my attendees," Easterling says. So she raised the issue at her board meeting, and the board concluded that she wasn't responsible for notifying the group of the hotel's privacy policies. "The consensus across the board was that with all the talk in the media about how information is used related to air travel and credit-card transactions, we didn't need to be the ones who say, 'By the way, recognize that if you book an airline flight or a hotel room, the information you give may be used in other ways.' That wasn't our responsibility," she says.

Bagnall says decisions like these are best handled on an individual basis. "Every meeting planner faces an ethical dilemma when these types of questions are raised about what information they're going to communicate to their attendees," she says. "Planners need to evaluate each situation and decide what they're going to do, because each case is different." In other words, it's an ethical, not legal, decision. And according to Randy Cohen, who writes "The Ethicist" column in The New York Times Magazine, it's always best to err on the side of candor. Easterling "wouldn't need to tell the group in advance, for example, if the croissants in the coffee shop aren't real croissants but just rolls shaped like croissants, but you wouldn't expect in the ordinary course of events that the FBI is going to be investigating you," he says. "In any extraordinary circumstances that a reasonable person might not anticipate, there's an obligation. When in doubt, tell."

To avoid such ethical uncertainties, it's helpful to clearly define the limits of responsibility that all parties must assume ahead of time. "Attendees are customers, and customers have expectations about how their data—be it name, address, company affiliation, credit-card information, or hotel preference—is going to be handled," says Trevor Hughes, executive director of the York, ME-based International Association of Privacy Professionals (IAPP). "It's important to offer your attendees choice. Not only should you give them some notice about how the information is going to be used, but you should give them the choice about whether or not they want it used that way," Hughes says. One way to do this is to establish a clearly defined privacy policy for all meetings. "We have a privacy statement on our conference registration form and on our Web site. And it's very specific and explains exactly how information is used. We also have an opt-out option on our registration forms so that if people don't want to receive mailers from our sponsors, they don't have to."

Zielinski agrees. "As an independent planner, one of my concerns with outsourcing is losing track or control of the information processes, but even in a large corporation, too many of us take a lot of this for granted and just assume the IT department will handle it," she says. "But you're going to get asked about it, so you've got to know. And that's where the written privacy policy goes a long way. It explains what all the expectations are and sets formal procedures to maintain the security of the information."

Hotel privacy policies vary widely from one company to another, so it's important for planners to address the issue when negotiating. "Whether it's guest names and credit-card information, or whether it is because the meeting is top secret, there has to be a meeting of the minds up front about what those expectations are so the contract can be crafted to address all the concerns," says Bagnall. When it comes to rooming lists, planners must reach an agreement with the hotel regarding how—if at all—their attendees' names will be shared. "Meeting planners should ask each hotel chain what privacy protection they have in place to make sure the information isn't going to be resold or lost," advises Tim Sparapani, legislative counsel for the Washington D.C.-based American Civil Liberties Union (ACLU). "Find out what security measures the hotel has in place to prevent someone from hacking into the system."

"Eliminate the issue up front," echoes Jennafer Ross, of Downingtown, PA-based Jennafer Ross Events. In August, she was contacted repeatedly by members of the local trade union regarding an upcoming meeting at a Bay Area hotel, even though her meeting was never publicly advertised and most of her attendees are high-profile individuals. "I'm not sure how they got my name and contact information, and I'm concerned about my attendees' names being released inappropriately," she says. So Ross went directly to the hotel and inquired about any potential information leaks. "I was very frank and put all my concerns on the table. I told them I needed to know how they were planning to handle the situation internally and that if they couldn't solve those issues I would have to give them a rooming list with dummy names," to protect the privacy of the attendees. Ross says the hotel was very cooperative and, at presstime, was working to identify the source of the leak.

Planners need to hammer out their privacy requirements with the hotel during negotiations and include the relevant provisions in the contract, argues John S. Foster, an attorney with Atlanta-based Foster, Jensen & Gulley, who specializes in meetings law. As planners seek assurances that their attendee lists will not be shared inappropriately, they must simultaneously secure the right to compare their registration lists with hotel master lists. "While for attrition purposes, planners want to make sure to preserve the right to look at the hotel's guest lists pertaining to their meeting dates, they may also not want the hotel to release the names of their attendees or acknowledge the group is even meeting there," he says. Addressing each of these issues contractually not only helps to prevent problems in the working relationship but will also protect both parties in the event that private information is compromised. "Some people might blame the planner for choosing a hotel that didn't properly protect the information, but that would be a stretch. And that's what the indemnification clause is for—if a hotel causes a group to be sued or vice versa. This is why contracts today are 30 pages long and need to be."

To date, there have been no successful lawsuits against hotels or planners over breaches of a stated privacy policy that appears on a hotel's homepage or reservation page. And analogous suits, such as the recent claims against JetBlue Airlines for privacy violations, have been dismissed. "In at least one of those cases, the plaintiffs failed to sustain the action due to a lack of provable damages," says Bagnall. That will not always be the case—and may not be the case if lawsuits are brought in the Greenwood Inn incident.

Despite calls from some meeting planners for industry associations to work together to establish privacy standards, many consider standardizing privacy policies for meetings an unnecessary step. "The meetings industry is a lot like the rest of the marketplace. If you think of attendees as being customers, what's happening in the market right now in terms of legislation and self-regulation is enough," says IAPP's Hughes. "There doesn't need to be some standardized policy in the field of meetings specifically." Planners in all segments of the meetings world should evaluate their privacy policies individually, rather than in an effort to comply with industry standards, because it's in their own best interests. Says Hughes: "If you want to create trusting relationships with your customers, privacy is important."


Getting Tagged
Radio frequency identification, or RFID, has added fuel to the already fiery privacy debate. RFID tags are microchips embedded in nametags that transmit information about the attendee wearing the badge to receivers. Receivers are placed at trade show entrances, in show booths, and sometimes even in other attendees' badges.

Although the technology is growing increasingly popular—the State Department has finalized a new "smart" U.S. passport that employs RFID—the use of these chips makes some meeting professionals and attendees uneasy. "Remember how everyone freaked out about those hotel key-card rumors that suggested our private information was being stored on the magnetic strip?" asks Washington D.C.-based meeting planner Eisenstodt. "Well, how will people feel when they realize that when they're in their own hotel rooms, the technology in their badges allows anyone walking by in the hallway to access their information?"

"We had some people get horribly offended in one of our sessions when we discussed the RFID tags on their name badge and they didn't know about it" ahead of time, says Dallas-based attorney Kelly Franklin Bagnall, adding that there were signs notifying attendees of the technology at the registration desk. "It's the idea of being tracked surreptitiously" that is so distasteful—which is why it's important to disclose fully the use of the tags and provide attendees with the opportunity to decline them. "Because this is a new technology in our industry, show organizers will have to establish standards for how or if they will inform registrants about their use of RFID at their events. They will allow an opt-out option for those registrants who have an objection to it." says Bob Lucke, executive vice president, business development, at Twinsburg, OH-headquartered Conferon Global Services, parent company of Frederick, MD-based ExpoExchange, which uses RFID tags. "Like any technology, RFID has potential to be effectively deployed and ineffectively deployed—it really depends on how you do it."

ExpoExchange does it by deploying tags that are readable from a distance of up to nine feet. Each tag contains an "indexed identifier to the registrant's record within [the] comprehensive database, so there is no security risk associated with unauthorized 'reading' of the tags," says Lucke.

So far, Lucke adds, everyone has been happy. "Many of our clients want to be able to learn more about what attendees are actually doing while attending their events. Show organizers have had very little information beyond registration data. Likewise, exhibitors are asking for more specific information about what kinds of registrants are visiting the trade show floor and for how long," he says, adding, "So far, we have seen no negative reactions."

A Simple Strategy
Trevor Hughes, executive director for the York, ME-based International Association of Privacy Professionals, offers planners a three-step privacy protection strategy:

Get help. Audit your own systems to find gaps in security. Consult with a lawyer and a privacy professional.

Act. Establish privacy policies and carefully train your staff in following them.

Stay informed. Keep abreast of privacy-related news and the different approaches in privacy protection.

Discreet Measures
For some groups, privacy concerns surpass the safeguarding of private attendee information. The need for total confidentiality extends into meeting content, and sometimes even to the existence of the meeting itself. Jim Blauvelt, director of catering at New York City's storied Waldorf=Astoria hotel, explains the measures needed to maintain discretion in meetings.

"Issues of privacy and confidentiality extend to all segments of meetings. Confidentiality is especially key when dealing with proprietary information, mergers and acquisitions, and in the diplomatic and political markets. Even in the private social market, people often don't want the outside world to know.

"Attempts to gather unauthorized information are very common, whether it's from the client's competitor or the press. People can be very resourceful in getting information out of a big company. If they know who to pretend to be and how to ask, it can be easy to get through the armor. Often, they'll call under the pretense of confirming the arrival of, for example, 42 boxes of prospectuses from XYZ Company. Confirming that confirms the existence of the meeting. So we have policies and processes that we enact to protect our customers.

"Just the fact that certain companies are meeting on the same day in the same building can fuel rumors of a merger or lead to speculation that can affect financial markets.

"We follow the law to make sure that we comply with regulations concerning record retention, but the real issue is the prying eyes of those who aren't involved in the meeting or event. When a customer books, I know I can't let information regarding this meeting get out--not even that it's taking place."