If you plan events as a third party planner or as an employee or volunteer within an association or organization, this will help you to assess what collecting personal information requires.
Although privacy concerns have always been an issue with collecting information about attendees, it has taken Covid to get people to pay attention. As we slowly move past the chaos of Covid a lot of questions are coming up about personal information.
- Are we allowed to require people to be vaccinated?
- Do we have a right to ask for proof of vaccination?
- Whose responsibility is it to manage the contact tracing?
“But you’re an event planner, what do you know about privacy?” I hear you. How can I call myself a privacy expert? I have actually worked in privacy legislation for the Canadian federal government for over 20 years. I am getting an opportunity to use my privacy expertise to educate the events industry.
In order to make collecting personal information as easy as possible I have created a downloadable cheat sheet that you can use to guide yourself and your organization through meeting the requirements of the law.
What safeguards do you have in place to protect personal information?
Back in December of 2019 I wrote another post about privacy and how selling personal information of your attendees goes against privacy laws. I am going to draw from that post and give you a bit of information about the 10 privacy principles. If you follow these principles and use them to guide you through the collection of attendees’ Covid vaccination and other personal information you should not run into any trouble in collecting the information.
10 Privacy Principles
Canada’s newest legislation provides us with the following 10 principles that we must follow when dealing with personal information. These principles can be used as a guide pretty much anywhere in the world.
- Accountability – someone within your organization must be responsible for the management of personal information
- Identifying Purposes – when gathering personal information you must tell the individuals why you are collecting their personal information
- Consent – you must have the individual’s consent to gather their personal information
- Limiting Collection – you can only collect the personal information that is required to do what you need to do with it (I will address this some more below)
- Limiting Use, Disclosure, and Retention – once you have collected the information you can only use it for exactly what you said you would use it for, you can only disclose it to who you said you would disclose it to and you must destroy it when and how you said you would when you collected the information (yes, this means you must be telling them all of this when you collect their information)
- Accuracy – it is your responsibility to make sure that the information you have about them is accurate
- Safeguards – you must provide the appropriate safeguards to protect their personal information
- Openness – you must be open and transparent about how you collect personal information, for what purpose and how you safeguard and dispose of their personal information
- Individual Access – should anyone want access to the personal information you hold about them you must provide it to them
- Challenging Compliance – if any individual is not happy with how you collected their information, shared it or that you denied them access to their personal information, they can submit a complaint with the Privacy Commissioner‘s office (in Canada)
I know this is a lot to take in. Especially considering you are already managing a million other details. So, to help you out I have created a little data collection cheat sheet that you can download and use as a tool when planning your next event.
If you need more help then this when it comes to data collection, please don’t hesitate to reach out. I would be happy to provide consulting services to help ensure you are doing what is expected of you when it comes to personal information – especially medical information, like Covid vaccination records.