
What Should I Do to Protect Customers’ Personal Information?

Your business may hold customers’ personal information. This information could include details about customers’:

  • health;
  • racial or ethnic origin;
  • political opinions;
  • religious beliefs;
  • sexual orientation; and
  • criminal record.

Therefore, you need adequate security measures in place to ensure this personal information is protected. At a minimum, you should have industry-standard security measures. This article focuses on three approaches you can take to reach an adequate level of security for your customers’ personal information.

1. Choose a Reliable Hosting Provider

When storing customer information in the cloud, it is crucial that you choose a reliable hosting provider. Specifically, you should look for a provider that takes security seriously and is willing to work with you to protect your customers’ personal information. You should also ensure that the provider responds proactively to attacks and data breaches, and that it tells you promptly when one affects your data.

When considering a hosting provider, there are a number of matters to consider.

Does the Hosting Provider Monitor the Network?

If your hosting provider regularly monitors its network, it can detect an attack or an outage itself rather than waiting for a customer to complain that the servers are down. The sooner an attack is noticed, the better the chances that your customer information stays protected.

Servers can go down, or be taken over, as a result of a number of types of attack, such as:

  • denial of service attacks that flood the server with traffic;
  • malware infections (viruses and other malicious software); and
  • account compromise, which often begins with a phishing email that tricks a staff member into handing over a password.

A hosting provider that monitors the network can identify these types of activity as they happen and is likely to be fighting the intrusion before it affects customer data.

Does the Hosting Provider have Denial of Service Prevention?

Your hosting provider should also have distributed denial of service (DDoS) prevention measures in place. There is no point in your hosting provider monitoring its network if it does not have a way of acting on what it sees and limiting the damage while an attack is under way.

A denial of service attack occurs when a website receives thousands, sometimes millions, of requests in a short period, more than the server can answer. A similar load can happen legitimately, for example when thousands of users try to access a website at the same time after a product launch. In a DDoS attack, however, a malicious attacker generates the requests artificially from a large number of compromised machines at once, so that the traffic cannot be stopped simply by blocking one address, and the site is brought down. Therefore, your hosting provider needs to have measures in place, such as traffic filtering and rate limiting, to prevent or limit the damage caused by a DDoS attack.

DDoS prevention is important because a DDoS attack can leave:

  • your website or information unavailable to customers and staff; and
  • your staff and your provider distracted, which attackers sometimes use as cover for a separate intrusion aimed at customer data.
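As an added illustration (not code from the original article or from any hosting provider), the following is a minimal per-client rate limiter of the kind a provider or reverse proxy runs in front of a website. It runs a constructed stream of requests through a token bucket: 200 legitimate visitors each making a few requests in the same second are all admitted, while one address sending 1,000 requests in that second has almost all of them refused. The rate and burst values are assumed policy numbers, not figures from the article.

```python
from collections import defaultdict

# Assumed policy for the illustration: each client address may make a sustained
# RATE requests per second and a burst of up to BURST requests. Anything beyond
# that is refused (a real proxy would answer HTTP 429) instead of reaching the
# web server.
RATE = 5.0    # tokens refilled per second, per client
BURST = 10    # maximum tokens a client can hold


class TokenBucketLimiter:
    """Per-client token bucket: a request costs one token; tokens refill over time."""

    def __init__(self, rate=RATE, burst=BURST):
        self.rate = rate
        self.burst = burst
        # per-client state: (tokens remaining, timestamp of the last update)
        self._buckets = defaultdict(lambda: (float(burst), 0.0))

    def allow(self, client_ip, now):
        """Return True if the request from client_ip at time `now` is admitted."""
        tokens, last = self._buckets[client_ip]
        # refill in proportion to the time elapsed, capped at the burst size
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[client_ip] = (tokens - 1.0, now)
            return True
        self._buckets[client_ip] = (tokens, now)
        return False


def simulate(requests, limiter=None):
    """Run a list of (timestamp, client_ip) through the limiter in time order.

    Returns {client_ip: (admitted, refused)} so the effect on ordinary
    visitors and on a flooding client can be compared.
    """
    limiter = limiter or TokenBucketLimiter()
    counts = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(requests):
        counts[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return {ip: tuple(c) for ip, c in counts.items()}


# Constructed traffic (not real logs): 200 visitors each make 3 requests within
# about one second, which looks like a busy launch, while a single address
# makes 1,000 requests in the same second, which looks like a flood.
FLOOD_IP = "203.0.113.7"
LEGIT = [(i / 200.0 + k * 0.3, f"10.0.0.{i}") for i in range(200) for k in range(3)]
FLOOD = [(i / 1000.0, FLOOD_IP) for i in range(1000)]


def run_example():
    """Return ((flood admitted, flood refused), total refusals among legitimate visitors)."""
    results = simulate(LEGIT + FLOOD)
    flood = results[FLOOD_IP]
    legit_refused = sum(refused for ip, (_, refused) in results.items() if ip != FLOOD_IP)
    return flood, legit_refused


if __name__ == "__main__":
    flood, legit_refused = run_example()
    print(f"flooding client: {flood[0]} admitted, {flood[1]} refused")
    print(f"legitimate visitors refused: {legit_refused}")
```

The limiter only distinguishes traffic by source address, which is exactly why a *distributed* attack from many machines is harder to stop than this single-source flood: real DDoS mitigation adds upstream filtering and capacity that a small business cannot build itself, which is why the article asks you to check that your hosting provider has it.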

Does the Hosting Provider Support HTTPS (SSL/TLS)?

If your customers are entering sensitive data, such as credit card and bank details or health information, then your website must serve every page over HTTPS. The encryption protocol behind HTTPS is Transport Layer Security (TLS), the successor to the older Secure Sockets Layer (SSL); certificates are still commonly sold as ‘SSL certificates’. Your hosting provider should make it easy to obtain a certificate and to switch HTTPS on for your site. This is crucial to protect your customers’ personal information while it travels across the internet.

You might recognise a working certificate by the little lock that appears in your browser’s address bar and the ‘s’ in ‘https’. The lock means the connection between a customer’s browser and your website is encrypted and that the certificate was issued for your domain name, so personal information cannot be read or altered in transit when a customer enters it. It does not say anything about how the information is protected once it is stored on your server, which is why the other measures in this article still matter. You should also make sure the plain ‘http’ address redirects to ‘https’, so that a customer who types your address without the ‘s’ still ends up on the encrypted site.
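As an added example (not from the original article), the following check looks at the two responses a browser would receive for a site, one for the plain ‘http’ address and one for ‘https’, and reports whether the site actually forces HTTPS: a permanent redirect from http to the https address, and a Strict-Transport-Security (HSTS) header that tells browsers to use https next time. The host name, the sample responses and the minimum HSTS age are constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed minimum for the HSTS max-age directive (180 days) in this illustration.
HSTS_MIN_AGE = 15552000


def audit_https(site_host, http_response, https_response):
    """Return a list of findings for the site; an empty list means these checks pass.

    Each response is (status_code, headers_dict), as a browser or a small
    script would see it. Header names are matched case-insensitively.
    """
    findings = []

    # 1. The plain-http address should do nothing but send visitors to https.
    status, headers = http_response
    headers = {k.lower(): v for k, v in headers.items()}
    if status not in (301, 308):
        findings.append(f"http://{site_host} answered with status {status}; "
                        "expected a permanent redirect to https")
    else:
        target = urlsplit(headers.get("location", ""))
        if target.scheme != "https" or target.hostname != site_host:
            findings.append(f"redirect points to {headers.get('location')!r}, "
                            f"not to https://{site_host}")

    # 2. The https address should work and ask browsers to stay on https.
    status, headers = https_response
    headers = {k.lower(): v for k, v in headers.items()}
    if status >= 400:
        findings.append(f"https://{site_host} answered with error status {status}")
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security header: a browser may still "
                        "try plain http on the next visit")
    else:
        match = re.search(r"max-age=(\d+)", hsts)
        if not match or int(match.group(1)) < HSTS_MIN_AGE:
            findings.append(f"HSTS max-age is too short: {hsts!r}")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_SITE = (
    "shop.example.com",
    (200, {"Content-Type": "text/html"}),   # plain http serves the shop itself
    (200, {"Content-Type": "text/html"}),   # https works, but nothing keeps visitors on it
)
GOOD_SITE = (
    "shop.example.com",
    (301, {"Location": "https://shop.example.com/"}),
    (200, {"Content-Type": "text/html",
           "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
)

if __name__ == "__main__":
    for label, site in (("weak", WEAK_SITE), ("good", GOOD_SITE)):
        print(label, audit_https(*site) or "OK")
```

Having a certificate installed is only the first half of the ‘s’ in ‘https’; the redirect and the HSTS header are what stop a customer from ever submitting a form over an unencrypted connection.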

Other Matters to Consider

When you choose a hosting provider, make sure you review the contract and discuss it with them. You should also check that the provider offers ‘uptime guarantees’. Server uptime refers to the amount of time in any given period a server stays up and running. A hosting provider may guarantee a certain uptime, such as 99% or 99.9%. The difference matters: 99% still permits more than three and a half days of downtime a year, while 99.9% permits under nine hours. Check the fine print, as providers may exclude planned maintenance or unexpected occurrences from the guarantee.

Furthermore, you should consider an Australia-based hosting provider. This means your website may load more quickly for Australian customers and customer service may be more responsive. It also keeps the data within Australian jurisdiction, which simplifies your obligations under the Privacy Act around disclosing personal information overseas.

2. Restrict Access and User Permissions

You should ensure access to customer information is restricted to the employees who need it to do their job, and only to the parts of the record they need. Staff in sales, for example, rarely need to see a customer’s health or criminal record details.

To enforce this, set up access and user permissions, and review them whenever someone changes role or leaves. This means that even if an attacker gets into the system, or obtains one employee’s password, they will not be able to reach all of the files you hold easily. The delay, and the record of refused requests, also gives you and your hosting provider time to recognise suspicious requests for access and remove those unwelcome users from the system.
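As an added example (not code from the original article or from any particular product), the following shows what ‘restricting access and user permissions’ looks like in practice: each role is allowed a fixed set of fields in a customer record, the sensitive fields from the list at the top of the article are held back from everyone except a compliance role, and every refused request is written to a log so that an unusual pattern can be spotted. The role names, field names and sample record are assumptions for the illustration.

```python
import logging
from dataclasses import dataclass, field

# The categories of sensitive information listed at the top of the article,
# as record field names (assumed naming for this illustration).
SENSITIVE_FIELDS = {"health", "racial_or_ethnic_origin", "political_opinions",
                    "religious_beliefs", "sexual_orientation", "criminal_record"}

# Which fields each role may read. Assumed roles for the illustration: nobody
# gets everything, and only the compliance role can read sensitive fields.
ROLE_FIELDS = {
    "sales":      {"name", "email", "phone"},
    "support":    {"name", "email", "phone", "order_history"},
    "compliance": {"name", "email"} | SENSITIVE_FIELDS,
}

# Refused requests are logged; a burst of refusals from one account is a
# signal worth acting on (see the monitoring discussion above).
logger = logging.getLogger("customer_access")


@dataclass
class User:
    username: str
    roles: set = field(default_factory=set)


def permitted_fields(user):
    """Union of the fields the user's roles allow; a user with no roles gets nothing."""
    allowed = set()
    for role in user.roles:
        allowed |= ROLE_FIELDS.get(role, set())
    return allowed


def read_customer(user, record, requested_fields):
    """Return only the requested fields this user may read, logging anything refused.

    Raises PermissionError when none of the requested fields is permitted, so a
    stolen account cannot quietly probe records field by field.
    """
    allowed = permitted_fields(user)
    granted = {f: record[f] for f in requested_fields if f in allowed and f in record}
    refused = sorted(f for f in requested_fields if f not in allowed)
    if refused:
        logger.warning("user=%s customer_id=%s refused_fields=%s",
                       user.username, record.get("id"), refused)
    if not granted:
        raise PermissionError(
            f"{user.username} may not read any of {sorted(requested_fields)}")
    return granted


# Constructed sample record (not real customer data).
CUSTOMER = {
    "id": 1042, "name": "A. Customer", "email": "a.customer@example.com",
    "phone": "0400 000 000", "order_history": ["#881", "#902"],
    "health": "asthma", "criminal_record": "none recorded",
}

if __name__ == "__main__":
    sales = User("sam", {"sales"})
    print(read_customer(sales, CUSTOMER, ["name", "email", "health"]))  # health is dropped and logged
    try:
        read_customer(sales, CUSTOMER, ["health", "criminal_record"])
    except PermissionError as exc:
        print("refused:", exc)
```

The point is that the check sits between every reader and the data, not in the user interface: an attacker who bypasses the screens still meets the same rule, and the log line is what turns a quiet probe into something your monitoring can see.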


3. Implement a Data Breach Response Plan 

You should have a data breach response plan in place. The plan should set out who is responsible, how to contain and assess a breach, and how to mitigate the damage. This is important to ensure your business complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).

Businesses within the scope of this scheme need to notify the Office of the Australian Information Commissioner (OAIC) and the customers affected by an eligible data breach. Failure to notify may result in significant penalties.

Key Takeaways

You should take the security of your customers’ information seriously by choosing a reliable hosting provider. It should consist of a responsive and cooperative team, with good security measures. On your end, you should restrict access to customer files in your database, so employees have access only when necessary.

Finally, consider implementing a data breach response plan so you know who to notify in the event of a data breach and what measures you should take to mitigate damage. If you have any questions, contact LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page.

Chloe Sevil
