Forum: Event Management System

Rumors of Inadequate Security

P
Paul Zupan
Nationality: United States of America
Certifications:
  • International Judge
  • National Judge
  • Regional Umpire
I've heard some organizers and officials say they won't use the event management system on RacingRulesOfSailing.org because they are concerned it doesn't meet the EU or US security requirements. As I've said before (and documented here), we came into compliance before the GDPR came into effect, and were in compliance with COPPA from the beginning.  The only requirement is that your registration process includes an agreement by the competitor that the information they provide may be used for the event.  And if it is a youth event, that a parent or guardian agree.  You have to do this as part of registration for any systems you may be using, whether or not it is RRoS.

And some have been concerned because we only required you to agree to our use of cookies once.  Well, to make everyone happy, the site will now ask you to agree to the use of cookies for every different browser you use and will ask the question on a (somewhat) regular basis.  It is not necessary, but seems to indicate to some people compliance with the GDPR.

If you don't want to use RRoS, I certainly am not going to try to convince you otherwise.  But please don't claim that the site is insecure to support your decision.  And if you see something that you think is a problem for data security (whether or not required by the EU or the US), I do want to hear about it as I have made every effort to keep competitor information secure.  
Created: 19-Oct-31 05:04

Comments

Dusan Vanicky
Nationality: Slovakia
Certifications:
  • International Judge
  • National Umpire
  • National Race Officer
1
thumbs-up.png 132 KB
Created: 19-Oct-31 20:52
P
Michael Butterfield
Nationality: United Kingdom of Great Britain and Northern Ireland
Certifications:
  • International Judge
  • International Umpire
  • International Race Officer
0
I am not even sure you have to do much if anything at all. Under GDPR in Europe you can rely on a number of routes to use data. Only If one of the basic reasons is missing do you need to get consent.
Using data to manage the event, organise protests etc is part of the basic contract with the competitor so the data can be used. The only requirement is the data should only be retained for a reasonable time.
Consent is only principally required if Photographs are retained and they are nothing to do with this system.
I am looking forward to finding how to use the system further.
Created: 19-Nov-01 14:42
[You must be signed in to add a comment]
Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more