When people and data are threatened, when attendees are not safe at conferences or in public places, when terrorists attack crowds with assault weapons, who is to blame?

April Starkloff, DMCP, event producer with PRA Chicago, points to recent court filings and litigation for perspective.

“The world in which we live has changed,” she says. “As planners, it’s not only our responsibility to plan amazing events but to make sure the people attending them are safe. Across the United States, many criminal tragedies have taken place in very public spaces. In the aftermath, lawsuits have been filed against those who planned the events. The litigation has been filed referencing the planners’ ‘Duty of Care’ or the ‘Reasonable Foreseeable Risk.’ Because of this, it has become more and more important to have documented and well-thought-out emergency plans.”

Whether planners are truly responsible or could reasonably see ahead to the horrific acts of deranged individuals, or even to the ever-evolving ingenuity of cyber criminals, could be debated. But what is absolutely certain is that every planner should have a comprehensive safety and security plan in place for every event, as well as thorough knowledge of the safety and security protocols and procedures at host venues.

Questions Are the Answer

“The most common safety and security issues we face are weather, civil unrest (i.e., protests), cyber security and traffic/transportation,” Starkloff says. “Creating an effective emergency plan based on the elements of your program is key. What are the foreseeable and possibly unforeseeable situations that you can plan for? You have to analyze the program and determine the risks and the best way to mitigate those risks.”

“As planners, it’s not only our responsibility to plan amazing events but to make sure the people attending them are safe.” — April Starkloff, DMCP

One way to do that is to ask a lot of questions early in the planning phase.

Among the questions Starkloff asks are: What has happened in the past? Are the attendees, speakers, subject matters or locations of the conference controversial? Are the attendees older or more likely to have medical issues? What weather-related risks are at the location? Again, what are the reasonable foreseeable risks, and what is the optimal mitigation plan?

Kristi Casey Sanders, CMP, CMM, DES, HMCC, director of community for MPI, agrees that planners must ask and answer critical questions in order to create truly effective plans.

“The best way to secure your meeting is to conduct a threat assessment and rank in priority what is most likely and what would have the biggest to least impact. Then, identify what risks you can mitigate with insurance or delegating liability and which ones you can minimize through best practices in risk management,” she says.

Once you’ve identified those, she says, “You can create a crisis-management plan for that event that will instruct your team on how to manage small and large threats that you are likely to face with that program. If you’re not familiar with best practices, MPI just published The Essential Guide to Safety and Security, which has nearly 400 best practices for various situations that you can look up and include in your plans.”

Sanders says weather is the most likely common hazard planners need to consider. “That’s far more likely than a terrorist attack or first-person shooter to disrupt your event. Yet planners need to create plans based on all kinds of possible scenarios and that includes assessing the venues to be used.”

To that end, Sanders has a comprehensive list of questions planners should ask personnel at hotels and event venues.

• What security protocols and procedures do you already have in place? What can you share with me? What can I share with my attendees?
• Can I speak to your head of security about this event?
• Do we need to bring any concerns to local law enforcement? (if protests, traffic issues or altercations are possible)
• If something happens, where are the nearest exits from this space?
• In case of fire, what do the building sirens sound like? Are there other warning signals for other incidents? What do they mean? What does the all-clear signal sound like?
• How far away is the nearest hospital? Do you have EMTs onsite? How would we get someone to emergency treatment if needed?
• Where are the defibrillators? Do you have epi-pens? How do I locate people who can use them?
• Do you have any materials I can share with my attendees?
• Can we create a cheat-sheet like an airline safety card to display during our walk-in slides, place on tables during general sessions or include in my attendees’ welcome bags?
• If meeting outdoors, what are plans B or C?
• If something happens and people can’t get out of the city, where would they be sheltered?
• Will you be able to give me a real-time rooming list so I know where all my people are on your property?

Starkloff advises planners to always request a walk-through of a venue ahead of an event to ascertain the answers to critical questions.

When it comes to weather, planners can keep watch, but it’s not always possible to know in advance how to react.

“Sometimes you just don’t know what will happen,” Starkloff says. “Yet it is the planner’s responsibility to understand what weather-related issues could come up and to formulate a plan. It’s important to make these calls ahead of time. Determine what circumstances would cause a venue change, cancellation or an evacuation and who will have the final authority to make the call. If these circumstances are agreed upon in advance, there will be no question on how to react.“

Sanders notes that planners can get alerts from the National Weather Service if necessary, and if problems seem eminent, there are other options and steps, as well.

“Some planners I’ve talked with have actually had events where they positioned contacts at 150 miles, 100 miles, 50 miles and 20 miles from the event center, who would then relay real-time weather data so they would know when or if to evacuate. You have to pay attention to the reports, be transparent with attendees and overcommunicate if you have to,” she adds. “You can also communicate with the local airport authority. If they’re thinking about canceling flights, you don’t want your attendees to get stranded.”

And, if anyone related to the city says it’s time to evacuate, she cautions, “don’t delay that decision.”

Meetings set on foreign soil have added safety and security concerns, not the least of which could be language issues in the middle of an emergency. Or a country might suddenly experience civil unrest although it wasn’t indicated at the start of the planning process for a conference.

Additionally, planners have to think about common types of crimes that occur in some countries, or the presence of certain illnesses, which could be different than those that typically occur in the United States.

“Is civil unrest an issue or are there certain health concerns or prevalent criminal activities, such as carjackings, kidnappings or pickpockets? If so, communicate to attendees how to protect themselves and which facilities and organizations should be trusted,” Starkloff says.

Sanders says attendees should also know how to register with their local embassy so they receive travel alerts and make it on lists for evacuation, should the need arise to leave the country.

“Depending on the location and the status of the attendees, you might need to have someone meet your delegates and help them get through customs. You also might need to provide ground transportation if taxis are unsafe,” she says.

Cyber and Tech Dangers

“One of the biggest changes is that cyber and other security issues are on people’s minds,” Sanders says. “Before, people would just leave name tags hanging out or post a list on the website of everyone who was coming. You’ll still see that happen, but it’s no longer prevalent because people are aware now of how those actions create vulnerabilities.”

Protecting attendee data has become a major concern, thanks in part to the new General Data Protection Regulation (GDPR) in Europe, which is intended to protect delegates from data breaches or any unauthorized use of their personal information.

And it’s not just relevant in Europe. “The first thing is to realize that GDPR is relevant globally,” says Mariela McIlwraith, CMP, CMM, director, industry advancement, with the Events Industry Council. “If your events hold personal information about EU citizens, then GDPR applies to your organization. In addition, more jurisdictions are developing regulations on this topic; as an example, the California Consumer Privacy Act.”

Handling data in general has become far more of an issue than it once was. As Sanders says, “You can’t email out lists of attendees anymore because if an EU citizen tells you to delete all their information, how are you going to track down and ensure compliance from everyone who had access to that email or file?”

Beyond that, she says, “You need to have a privacy policy on your event website and know how personal data is being handled, who has access to it and how it is used. Your IT or event-marketing partners need to be able to explain to you what steps they’re taking to be compliant. The good news is that if someone requests to have their data deleted, there are ways to scrub all the personally identifiable information from a record and encrypt it so that the identity is anonymous. However, the data you need to look at for your event historicals doesn’t disappear completely. Shifting the liability to your tech partners and letting them advise you is easier than trying to keep up with all of that yourself.”

There are other cyber challenges, as well. “Phishing scams are probably the biggest issue,” Sanders says. “Make sure your attendees know how to tell the difference between messages sent from you and imposter accounts. Train your staff to detect phishing so they don’t click on corrupt links or files that could hijack their computers or compromise your networks.”

Room-block poaching is one example of phishing. “Event professionals continue to be affected by room-block poaching, and it’s now affecting other areas of our industry, as well,” McIlwraith says. “This is related to cybersecurity in that poachers are using phishing practices to lure event participants and exhibitors into making bookings with fictitious room blocks.”

Using USB drives is also tricky. “Collecting presentations on USB drives the day of the event can put your systems and those of your presenters at risk,” McIlwraith says.

Sanders agrees. “USB drives are another way that malware can infect your systems, so don’t allow presenters to bring presentations on USB drives. Enforce the use of a presentation management system and make sure your AV team is wiping its computers every night,” she says.

Communication is Key

If there’s one element related to safety and security that everyone agrees is critical, it’s communication.

Starkloff notes that planners and key stakeholders should create a telephone tree in advance with clear instructions on who will call whom. Attendees should receive safety and security information in their registration information and they, too, should know where information will be coming from in the event of an emergency. An app would be one way to deliver emergency information, for example, and if that’s the case, attendees should know that downloading and using the app is important.

Signage at events can provide onsite safety and security information, and emails can be sent out at an event to follow up on what attendees have previously received when registering.

Sanders’ list of communication protocols includes early planning, practice plans and emcee announcements.

First, she says, collect emergency contact information and cell numbers at registration and let attendees know that you will only use the information in case of an emergency. Also, get attendees’ food allergy and physical-challenge information at registration and explain that you need this to ensure their safety and comfort.

Next on her list, “Send out crisis plans and communications in the know-before-you-go. Have an emergency checklist/info on walk-in slides in rotation, on table cards and/or in the welcome bags. Do an orientation with attendees so they’re prepared for what to do if something goes wrong. At one event, the emcee had people who knew CPR and how to operate defibrillators identify themselves and agree to help if something happened.”

Sanders adds that it’s critical to discuss emergency procedures with your staff, volunteers and vendors, and she suggests run-throughs with the pertinent teams. “Practice your crisis plans with your internal and external team, and see if there are any vulnerabilities or holes before anyone gets onsite.”

One area of technology that greatly benefits crisis communication is the use of chatbots. Elizabeth Glau, CMP, with Sciensio, notes that to use them effectively, steps must be taken first.

“Chatbots, or in our case, EventBots, are used in crisis communications. Once the team has determined there’s a message that needs to go out to all attendees, using SMS (text messaging) is the only way it will reach all attendees. No one is checking email, and not everyone downloads the app or turns on notifications in the app,” she says.

“This is why it’s crucial that organizers collect (require) mobile numbers from attendees when they register and let them know that is how they are going to communicate with them (via SMS). It’s also important to note,” Glau adds, “that you want all of your stakeholders in that communication system — staff, volunteers, vendors, etc., so they receive these important messages. Our platform allows you to text targeted messages as well if you’re faced with a scenario where you only want to communicate with a segment of your stakeholders or attendees.”

Best Practices

“Safety and security need to be top of mind and incorporated in all aspects of event management by all event stakeholders,” McIlwraith says.

In many ways, all of this seems obvious, yet it takes clear thought and attention to detail.

“You should plan your emergency policies and procedures with the same attention to detail as you do your events,” Starkloff says. “What is your duty of care and what are the reasonable foreseeable risks? If you base your emergency plan with this in mind, you have done your due diligence.”

Yet, it’s not as simple as make a plan and you’re done. “Communicate and practice it with your team and your attendees. And update it for every event,” Sanders says.

The good news is that safety and security should be a group effort.

“Planners don’t have to do it alone,” Sanders points out. “In fact, their work will be a lot easier if they leverage internal resources, such as people from procurement, IT, legal and events, and external partnerships with the venues and service providers, to review potential threats and work together to create, review and test the event’s risk management and crisis plans.” C&IT