Creating a Trusted Event Platform with Transparency
June 30, 2020
Inspired by an insightful post on the three questions to ask your event service provider about data privacy, I initiated a conversation with my team about moving beyond merely “meeting the requirements” imposed by new regulatory standards. We discussed how Stova can truly differentiate itself around data privacy and create a trusted event platform.
A Two-pronged Approach to Privacy
We built technical privacy into our platform with a bifurcated, or two-pronged, approach. First, we addressed security on the “back end,” the application delivery platform that powers Stova services. We then addressed the processes for handling the data itself, especially privacy-related and payment information.
Security and robustness of the back end are ensured by independent penetration testing as well as compliance with industry-standard assessments. Stova has completed a SOC2 assessment and an ISO 27001 gap analysis process. Both of these are widely respected standards adhered to by world-class service providers.
These steps will ensure our service delivery platform is as secure and robust as we can make it. The next step is turning our attention to how we handle sensitive and confidential information, especially Personally Identifiable Information (PII). Many current practices in event planning and hospitality fail to meet today’s privacy and compliance standards. The industry must adapt its security protocols to stay compliant with GDPR, CCPA, and future standards, and to create a standard for trusted event platforms.
At Stova, we’ve undertaken an end-to-end review of how we collect, store, manage and ultimately dispose of PII. First, all privacy-related information is stored in an encrypted database, and each card number is encrypted with a separate key, which makes a compromise of many card numbers highly unlikely. Next, when hotel and accommodation partners generate a report, they acknowledge their receipt of this PII and verify their own proper safeguard procedures. Lastly, Stova’s email system flags any incoming PII that arrives in a message, so we can promptly delete it and inform the sender, insisting that they take corrective action.
Looking Further Down the Privacy and Compliance Road Map
At Stova, we continually think through our approach to complying with this growing array of standards for privacy and security.
This presents several challenges in the event management world. At Stova we store, process and manage privacy-related information for a wide range of customers and partners. Just as each event is unique, so too are its privacy requirements and authentication methods. Given these challenges, truly responsible management of privacy-related customer data entails a lot more than a “click-to-acknowledge” dialog box.
A Trusted Event Platform
Every aspect of Stova’s operations—from back-end development to external communications—is being assessed to ensure we are compliant with all evolving regulatory requirements. Your data is yours, and we understand you have entrusted Stova to manage it in a responsible and compliant way. Stova will always take that responsibility seriously. Schedule a demo now to discover what this means for you.