We're extremely security-conscious at Aintree Group.
We need to store personal information in order to complete our day-to-day work. And we take our responsibility to protect that information on behalf of our clients, suppliers and their families very seriously.
Here are some steps that we take (among many others within our everyday processes and procedures) to protect your data...
We are Certified as a "Cloud Best Practice" Firm
This certification includes (but isn't limited to) the usage of Practice Protect's Cloud Access Technology System, which can:
- Restrict remote access to specific locations and block overseas access to our systems;
- Track and monitor attempted access to our systems and identify suspicious activity;
- Log usage in an audit trail and retrospectively determine the suspected source of a breach;
- Terminate user access to all sensitive cloud applications by disabling a single user account;
- Remotely wipe mobile devices in the event they are breached or lost;
- Share access to applications using a single user ID so team members don't need access to cloud app passwords;
- Require only one single password to all sensitive applications for team members to remember, decreasing the risk associated with ‘password
- Apply two factor authentication to access all sensitive applications;
We also have access to policies, through our relationship with Practice Protect, that:
- Educate team members and set expectations in relation to best practice;
- Govern interactions with third parties such as IT contractors or outsourcing providers and what occurs should there be a breach of our data;
- Make clear how we manage client information;
- Lay out the steps for responding and communicating in the event of a data breach.
We use two-factor authentication - even on top of Practice Protect
Two-Factor (or "two-step") Authentication is becoming an increasingly common security measure, and lots of programs and websites have made it mandatory.
We've been taking advantage of this technology for a long time. All our team members use two-factor authentication to access programs that store client data, even when that program is accessed through Practice Protect!
We do not send or receive TFNs via email
It is our business-wide policy that any documents travelling via email do NOT contain Tax File Number information. It is always blocked out before being sent. This even includes when our printer emails scanned documents to our internal computers.
We also go to lengths to ensure we do not receive TFN details electronically from others - that way they aren't floating around in our email system in any way, shape or form (which is a common place for security breaches to occur).
We encourage all clients and people in our network to give us that information over a telephone call or in person at their next meeting. That extra step only takes a couple of minutes and is 100% worth it in our eyes to ensure your data is safe.
Adherence to the EU General Data Protection Regulation
The EU General Data Protection Regulation (GDPR) impacts any and all businesses that store personal information regarding EU citizens, NOT just businesses that exist within Europe. This includes dual-citizens.
We have been diligent in ensuring we receive the appropriate consent from EU citizens in our database.
If you hold a European citizenship or dual citizenship and have not submitted a data consent form to Aintree Group, please download and fill in this data consent form and return it to our office as soon as possible.
For more information about EU GDPR, see our dedicated webpage.
Regardless of whether you're engaging an accountant or bookkeeper or a hair stylist - if a business needs to store your personal information (email address and phone number included), make sure they are doing everything they can to protect your information!