Protecting Your Data
We’re extremely security-conscious at Aintree Group. Not only do we take every precaution ourselves, we also educate and support you to be able to do the same in your own life!
We need to store personal information in order to complete our day-to-day work. And we take our responsibility to protect that information on behalf of our clients and their families very seriously.
Here are some of the many steps that we take to protect your data…
We are Certified as a “Cloud Best Practice” Firm
This certification includes (but isn’t limited to) the usage of Practice Protect‘s Cloud Access Technology System, which can:
- Restrict remote access to specific locations and block overseas access to our systems; and
- Track and monitor attempted access to our systems and identify suspicious activity; and
- Log usage in an audit trail and retrospectively determine the suspected source of a breach; and
- Terminate user access to all sensitive cloud applications by disabling a single user account; and
- Remotely wipe mobile devices in the event they are breached or lost; and
- Share access to applications using a single user ID so team members don’t need access to cloud app passwords; and
- Require only one single password to all sensitive applications for team members to remember, decreasing the risk associated with ‘password sprawl’; and
- Apply two factor authentication to access all sensitive applications.
We also have access to Policies through our relationship with Practice Protect, that:
- Educates and sets expectations on team members in relation to best-practice; and
- Governs interactions with third parties such as IT contractors or outsourcing providers and what occurs should there be a breach of our data security policies; and
- Makes clear how we manage client information; and
- Lays out the steps for responding and communicating in the event of a data breach.
We use two-factor authentication – even on top of Practice Protect
Two-Factor (or “two-step”) Authentication is becoming an increasingly common security measure. Lots of popular programs and websites have made it mandatory.
We’ve been taking advantage of this technology for a long time. All our team members use two-factor authentication to access programs that store client data, even when that program is accessed through Practice Protect!
We do not send or receive Tax File Numbers via email
It is our business-wide policy that any documents travelling via email do NOT contain Tax File Number information. So it is always blocked out of documents before being sent electronically. This includes when our printer emails scanned documents to our internal computers.
We also go to lengths to ensure we do not receive TFN details electronically from others. That way they aren’t floating around in our email system in any way, shape or form (which is a common place for security breaches to occur).
We encourage all clients to give us their TFN information over a telephone call or in person at their next meeting. That extra step only takes a couple of minutes, and is 100% worth it in our eyes to ensure your data is safe.
Adherence to the EU General Data Protection Regulation
The EU General Data Protection Regulation (GDPR) impacts all businesses that store personal information about EU citizens, NOT just businesses that exist within Europe. This includes dual-citizens.
We have been diligent in ensuring we receive the appropriate consent from EU citizens in our database.
If you hold a European citizenship or dual citizenship and have not submitted a data consent form to Aintree Group, please contact our office as soon as possible.
For more information about EU GDPR, click here.
An extra note on data safety…
Regardless of whether you’re engaging an accountant or bookkeeper or a hair stylist – if a business needs to store your personal information make sure they are protecting your data!