Have you noticed the increase in news regarding privacy and people’s personal data?  Have you seen the major fines being issued to large firms for privacy law non-compliance?  Did you know that even small business owners (even one-person companies) are also getting into trouble for privacy law non-compliance? 

Next year, six new privacy laws go into effect requiring new disclosures within your Privacy Policy if applicable to your business, and the fines for non-compliance are significant (starting at $2,500 per website visitor whose rights you’ve infringed upon). 

Whether you are an event professional or a web designer implementing The Events Calendar onto client websites, understanding the importance and potential privacy requirements of Privacy Policies (and website policies in general) is becoming a bigger and bigger deal. 

In this article, we will dive deep into what an events-based website needs to provide policy-wise to help comply with laws and limit the website owner’s liability. 

This article is intended to help both event professionals and web designers (agencies) understand their obligations when it comes to providing website policies (and how to keep them up-to-date over time). 

We know website policies can feel a bit dull and boring, but we promise to try and keep it as entertaining, educational, and actionable as possible so you can get right back to running your business!

Does your website collect regulated data like names, email addresses, and more?

Most modern websites collect website visitor data, whether that simply be through a contact form to receive inquiries, through a third-party captcha tool to block spammers, or with an analytics tool to understand how users interact with your website. Events booking systems on websites also collect data such as names and emails. 

Common features for event websites that collect regulated data:

• Event registration forms;
• Accepting payments when selling tickets;
• Community submissions; and
• Email/newsletter subscription forms for upcoming events and promotions.

It is important to understand that people’s names, email addresses, IP addresses, and more are regulated pieces of data under multiple privacy laws.  Privacy laws regulate people’s personal data and require certain website owners to make very specific disclosures within their Privacy Policy.  

It is also very important to understand that privacy laws protect people and do not care where your business is located. In other words, privacy laws outside of where you are located could easily apply to you if you are collecting people’s data from other areas around the world, and failure to provide the disclosures required under those laws may result in a non-compliance penalty (fine or lawsuit). 

Is collecting regulated data bad?

There is nothing wrong or bad about collecting regulated data!  In reality, most businesses need to collect even the most basic information just so that they can properly run their business.

With all that said, if you are collecting that regulated data, that is the moment privacy laws can start applying to you, meaning you may be required to make very specific disclosures within your Privacy Policy.

Having a proper Privacy Policy in place not only helps you comply with laws but also helps you demonstrate to your users your respect for their privacy rights!

Do you share that data with third parties?

Sharing data is far more common than most website owners realize. For example, if someone were to submit an inquiry on your “Contact us” page, do you receive an email with that person’s contact details?  If so, that is an excellent example of sharing data with your email service provider (like Gmail, Outlook, etc.).  Do you offer a newsletter subscription for upcoming events? Chances are you’ll be sharing emails with third-party email marketing tools.  

Sharing data is quite common, and ensuring that you properly disclose this is a legal requirement under multiple privacy laws.  Below are some common examples of event websites sharing data with third parties. 

Common examples where event websites are sharing data with third parties:

• Sending a newsletter and upcoming event notifications (via Promoter product);
• Sharing user registration data with third-party event hosts and organizers (often found with Community Submissions); and
• Processing payments with a 3rd party gateway (Stripe, PayPal, Eventbrite, etc.).

Do you build websites for clients? 

Has a client ever asked you what they should do for their Privacy Policy?  Is it always a bit awkward, as you are not their attorney and aren’t sure what to even say to them?

Join our upcoming webinar, where we will provide educational material that you can share with your clients, helping educate them on the importance of website policies while protecting your own agency, who’s helping implement the features that help collect personal information. 

Learn best practices on what to disclose within your Privacy Policy in our webinar!

Rather than hiding from privacy law requirements, we recommend embracing them!  Learn how to limit your liability, comply with laws, and demonstrate your respect for your website visitor’s privacy rights!

In this webinar, you will learn the following:

1. When and why privacy laws may apply to an events-based website owner;
2. What disclosures one needs to make within their Privacy Policy;
3. Overview of other important policies, such as a Cookie Policy, Terms, and Disclaimer;
4. How to obtain comprehensive policies for your website;
5. How to establish a strategy for keeping your policies up to date with newly required disclosures; and
6. How web agencies can help educate and protect their clients with website policies as well.

Not legal advice disclosure

This article and webinar are not legal advice and are intended for educational purposes only.