Who has your personal data, and are they keeping it safe?
Whether you're engaging an accountant, a bookkeeper or a hair stylist, if a business needs to store your personal data, make sure they are doing everything they can to protect your information!
For this purpose, "personal data" includes, but is not limited to:
- Personal email addresses, phone numbers and birth dates.
- Postal, residential and work addresses.
- Tax File Numbers.
- Personal and business bank details.
In 2016, nearly 6,000 businesses reported being targeted by scams, according to the Australian Competition and Consumer Commission’s Targeting Scams report.
Small businesses are most vulnerable to scammers and accounted for nearly 60% of reported losses.
If your personal data was being stored by one of those 6,000 businesses that were breached, your details could potentially end up in the hands of some very shady characters.
So, who has your data?
The fewer databases your information appears in, the smaller the chance it will be breached.
Take a moment to consider how many businesses have your personal information, if they are protecting it, and if they actually need to store that information at all.
For example, there may be a restaurant across town you ordered a delivery from a year ago and haven't used since - but their system still has your phone number, credit card information and home address on file. It may be worth a phone call to ask if they can remove you from their database.
Will they keep it safe?
Unlike the restaurant you'll never visit again, some businesses genuinely need your personal data to be able to provide their service to you (like an accounting firm).
In this case, talk to them about their data protection policies before handing over that information in blind trust - especially if it's highly sensitive like your Tax File Number.
If the level of security doesn't match the level of protection that kind of information deserves, that's a good reason to pause and talk to them about your concerns, and potentially look for someone who will protect you appropriately.
How are you protecting your own data?
Things to consider about your own cyber security habits:
- How good are you at picking up scam emails - even if they say they come from a known contact?
- Do you have anti-virus software on your personal computer?
- Do you send sensitive information like your TFN or banking passwords via text or email?
- Do you use the same password for everything? Is that password easy to guess?
So many websites require logins now, and it's (regrettably) quick and easy to use the same password across the board. While that makes it easier to remember, it means that if one site gets breached, all your login details with the same password are at risk.
That's why it's so important to make sure that extra-sensitive websites for banking and tax have a completely separate (and difficult) password that is ONLY used for that site alone. That way a breach of another less secure website will not put your higher-level personal information in jeopardy.
You can check if your email address has been compromised through third party breaches here. Adhering to the terminology from the site, if your email is listed as "pwned", then it's certainly worth changing your passwords.
We have a dedicated blog post on recognising scams and protecting yourself; we recommend you take a look here.
As a security-conscious business, we're always happy to chat more with clients and other businesses about the wild world of cyber security.
Click here to read about data security at Aintree Group.