First, I would verify that all exhibitors give full permission for that info to be displayed publicly and get written consent, keeping this record for future use if needed.

You could make image files of this info so it can't easily be scraped by spammers.

Another idea is to just present a [contact] link beneath each exhibitor and put the data behind a No CAPTCHA [webdesign.tutsplus.com]

If you have EU visitors to this site, you may want to read what the GDPR [eugdpr.org] says about PII (personally identifiable information.)

Would only be a privacy issue if some / any of the exhibitors are private individuals, if they are businesses, or trading as business ( which is likely as they are "exhibitors" ) their right to their "business contact details" being kept "private" was forfeited when they gave them to the exhibition organisers..This would apply even to those who use their homes for their businesses. However,if they have business phone numbers and separate private personal phone numbers ( which one would expect any competent trader or business to have ) then their personal phone numbers if they were given to the exhibition organisers and were marked as "private" or "personal" should not figure on the site..

A long time ago, I organised major exhibitions ( business and other types ) in the UK, all exhibitors where required to provide a business address and a business phone number, which they were told would be published in the exhibition guides. I also required "proof of business registration" and that they provide in advance proof of "liability insurance" in case of any injury to any one other than their own staff due to their actions or on their exhibition stands.I also had to provide similar ( and some others assurances ) "proofs" for myself to the owners of any venues which were not in house or owned by the companies and organisations that were paying me to organise such exhibitions.

Common sense (an admittedly rare commodity ) tells one that one cannot expect to be an exhibitor, and not to have ones business details ( address and phone number, business emails etc ) available to the visitors to the exhibition..How public that availability is depends on the venue is it open to the public, or trade only or admittance only by invitation.

As a "proof reader" non of this is your responsibility, ( a "proof reader" , checks for spelling errors and grammatical errors ) it is that of the exhibition organisers, and their legal team, if they have one.

Legal advice on a forum is worth what you paid for it..

All of the above ( apart from it not being your responsibility as a "proof reader" ) will vary depending upon what the legislation says in your country, and the country in which the exhibition is being organised, neither of which you indicated.

PII only applies to private individuals..not to businesses..

The simplest way to "protect" the details is to place the page inside a directory / folder on the site, and password protect it. ( require password for access to the page )..The exhibitors already have all the emails of all the exhibitors, thus it is simple to BCC ( blind carbon copy and email to all the exhibitors giving them the password and explaining to them how to use it, one email, BCC, many recipients ) ..Setting a password to protect a folder is extremely simple to do, on cpanel and similar type website administration panels.

btw..BCC is not suggested in this case for reasons of confidentiality ( they, "the exhibitors" will all receive the same email, and the same password, and ( if they sue it ) they all will know about each other..But using BCC as opposed to CC is basic security practice, so one should get used to it.

On a further practical note, if some of them are already receiving "phone calls", then it is probably a case of "shutting the door after the horse has bolted and galloped across the adjoining fields and past the next town", ..that is to say, waaaay too late, the info is out there, and is probably already being sold and traded on.

In the above" sue" should read use "..and in the post which was 2 posts prior to that "where" should read "were"..other typos may be available..

I would never publish phone numbers and email addresses on a website, as you are bound to get harvested. On Wordpress I use a feedback form (Contact7 plugin) where you can display a name but hide the the email address. You can create a large list of people but not disclose the email address. All this behind a recaptcha for even more protection.

People can fill out the form with recaptcha, and this feedback is automatically emailed to the recipient, all without displaying the email address. It works out very well.

I made the mistake of publishing my email address on a site many years ago, I had to abandon that email address completely such was the mountain of spam it turned into.

I'd ask the question why that information needs to be there at all. Why not just a company name and link to their website?

I made the mistake of publishing my email address on a site many years ago, I had to abandon that email address completely such was the mountain of spam it turned into.

The pain goes on for a long, long time.

Thank you everyone for all the information and suggestions! It will be extremely helpful to the association!

Bear in mind "recaptcha" ( and it's derivatives ) are actually served via calls from the page to google services, thus if you use it, you are allowing Google to track your visitors, only those who agree to allow google services will be able to use it, Google services drop a cookie, which means that GDPR applies, and if the visitor is in the EU you cannot insist that they allow Google cookies ( or services that depend on them ) for the visitor to use any part of the website ( wherever the site may be located )..password protecting a folder with the page inside does not involve Google..it only requires a cookie from your site, which is allowed and does not need explicit acceptance because it is an essential cookie to the working of your site..3rd party cookies are not essential, however much some may think that ganalytics cookies are essential, and that they must be covered by the "essential to the site working"...they are not.

ganalytics cookies are not allowed as "essential" because
A) they are not essential, other self hosted analytics exist ( and you have logs anyway ).
B) Google use ganalytics for automated profiling of visitors..which is a definite "no-no" under GDPR.

Companies interface with the public. Else they aren't companies worth a salt.

Things like location, address (same thing), phone number (think yellow pages or directory assistance, unless PRIVATE ... which defeats the purpose of having a phone), email etc. are merely a cost of doing business.

That said, the out facing email address should be one easily controlled with separate addresses for actual business purposes.

If folks can't contact you because you're afraid of spam/scam then you don't need to be in business.... or on the web.

My 2¢

Your clients need to understand this and move along.