At eshots, we’re obsessed with protecting our clients’ data.

Yeah, we know, it isn’t the most fun aspect of experiential marketing, but it is absolutely essential that brands and agencies comply with consumer data protection laws (it’s also a greater good thing, to treat personal data with utmost respect and security).

While events were on pause in the earlier part of the decade, eshots seized that rare downtime to expand our platform’s compliance with State and Federal regulations.

We earned quite a few stamps of approval, including SOC2 Type II accreditation, and while the audits were grueling work for our development team, we are proud to have passed all of our exams.

And that gets us to the point of this blog post: we learned quite a bit, and we wanted to share the 3 most commonly overlooked practices when it comes to experiential information security:

1) Personally Identifiable Information (PII): Are you actively protecting it? Or are your co-workers still cavalierly sending Excel files of consumer data around in emails? If you aren’t sure how PII is being safeguarded, or if you don’t even know if you are, that puts your brand at huge risk. As soon as you finish reading this post, find out if/how your systems are protecting PII. And if they aren’t protected, well, you have a new priority task!

2) State Privacy Acts: Have you defined a process that’s compliant with state laws? Or are you not yet passing along those privacy requests from consumers to your partners activating your events? Increasingly, states have been adopting their own Acts for protecting consumer data. While they all tend to be similar, each one has its own nuances, so a brand needs to comply with specific requirements for each state in which it holds events.

3) Vendors: Do your partners meet your organization’s data security standards? Or are you just hoping that they don’t have your customer PII data sitting on a random USB drive at their desk? This is often the most overlooked. Many large brands and agencies typically have excellent IT policies and data security (because they have lawyers), but sometimes a team will bring on a third-party technology, and that company’s security is still using ‘password’ as its password. Vetting technology partners is critical to avoid them being the root cause of an enterprise data breach.

Even though experiential is arguably the most fun way for brands to engage with consumers, it still needs to maintain rigorous information security practices, and at eshots, we are enjoying the challenge of blending the industry’s best security with truly engaging first person experiences.

‍