What Should I Do to Protect Customers’ Personal Information?

Your business may hold customers’ personal information. This information could include details about customers’:

  • health;
  • racial or ethnic origin;
  • political opinions;
  • religious beliefs;
  • sexual orientation; and
  • criminal record.

Therefore, you need to have adequate security measures in place to ensure this personal information is protected. At a minimum, you should have industry standard security measures. This article focuses on three approaches you can take to ensure you have an adequate level of security to protect your customers’ personal information.

1. Choose a Reliable Hosting Provider

When storing customer information in the cloud, it is crucial you choose a reliable hosting provider. Specifically, you should look for a provider that takes security seriously and is willing to work with you to protect your customers’ personal information. You should also ensure that the provider proactively responds to data breaches.

When considering a hosting provider, there are a number of matters to consider.

Does the Hosting Provider Monitor the Network?

If your hosting provider regularly monitors its network, the chances of your customer information being protected are much higher. This is because the provider does not have to wait until a customer complains that the servers are down before taking action.

Servers can go down as a result of a number of types of attacks, such as:

  • denial of service;
  • phishing; and
  • viruses.

A hosting provider that monitors the network can actively identify these types of activities. It is also likely to be fighting the intrusion before it affects customer data.

Does the Hosting Provider Have Denial of Service Prevention?

Your hosting provider should also have Distributed Denial of Service (DDoS) prevention measures in place. There is no point in your hosting provider monitoring its network if it does not have a way of stopping an attack it has detected.

DDoS attacks occur when a website receives thousands, sometimes millions, of requests at once. This can happen legitimately, for example when thousands of users try to access a website at the same time. However, a malicious attacker might artificially generate those requests in order to bring the site down. Therefore, your hosting provider needs to have measures in place to prevent, or at least limit, the damage caused by a DDoS attack.

DDoS prevention is important because DDoS can leave:

  • your website or information unavailable; and
  • customer information exposed and easily stolen, while the system is down.

Does the Hosting Provider Support SSL?

If your customers are entering sensitive data, such as credit card and bank details or health information, then your hosting provider should support Secure Sockets Layer (SSL), today implemented by its successor, TLS, although the term ‘SSL certificate’ remains in common use. This is crucial to protect their personal information.

You might recognise an SSL certificate by the little lock that appears in your browser’s address bar and the ‘s’ in ‘https’. An SSL certificate means the connection between a customer’s browser and your website is encrypted. Therefore, a customer’s personal information is protected in transit when they enter it.

Other Matters to Consider

When you choose a hosting provider, make sure you review the contract and discuss it with them. You should also check that the provider offers ‘uptime guarantees’. Server uptime refers to the amount of time in any given period a server stays up and running. A hosting provider may guarantee a certain uptime, such as 99% or 99.9%. However, the guarantee may exclude planned maintenance or unexpected occurrences, so check the exclusions.

Furthermore, you should choose an Australia-based hosting provider. This means your website might work more quickly and customer service may be more responsive.

2. Restrict Access and User Permissions

You should ensure access to customer information is restricted only to the employees that need access to the information.

To enforce this, set up access and user permissions. This means that even if an attacker enters the system, they will not be able to access the files you hold easily. This delay might also give your hosting provider time to recognise suspicious requests for access and kick those unwelcome users out of the system.
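The following is an added illustration of the access-restriction idea above; it is not code from the article or from LegalVision. It assumes a hypothetical set of roles (support, billing, compliance) and a constructed customer record, and shows two things the text describes: a default-deny permission check so each role reads only the fields it needs, and an audit log of denied requests so that repeated unexpected access attempts stand out to whoever monitors the system.

```python
"""
Least-privilege access to customer records with an audit trail.

Added example, not from the original article. Roles, field categories and
the sample record are all assumed / constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass, field
from enum import Enum, auto


class DataCategory(Enum):
    """Categories of customer data; the sensitive ones need the tightest access."""
    CONTACT = auto()
    PAYMENT = auto()
    HEALTH = auto()
    CRIMINAL_RECORD = auto()


# Hypothetical role table: each role may read only the fields its job requires.
ROLE_PERMISSIONS = {
    "support": {DataCategory.CONTACT},
    "billing": {DataCategory.CONTACT, DataCategory.PAYMENT},
    "compliance": {DataCategory.CONTACT, DataCategory.HEALTH,
                   DataCategory.CRIMINAL_RECORD},
}


@dataclass
class AuditLog:
    """Records every denied request so unusual access patterns can be reviewed."""
    denied: list = field(default_factory=list)

    def record_denial(self, user, role, category):
        self.denied.append((user, role, category))


def can_access(role, category):
    """Default deny: an unknown role, or a field not listed for the role, gets nothing."""
    return category in ROLE_PERMISSIONS.get(role, set())


def read_field(record, user, role, category, audit):
    """Return one field of a customer record, or log the denial and raise."""
    if not can_access(role, category):
        audit.record_denial(user, role, category)
        raise PermissionError(f"{user} ({role}) may not read {category.name}")
    return record[category]


def suspicious_users(audit, threshold=3):
    """Users with at least `threshold` denied requests; a prompt to investigate."""
    counts = Counter(user for user, _, _ in audit.denied)
    return sorted(user for user, n in counts.items() if n >= threshold)


# Constructed sample record (not real data).
SAMPLE_RECORD = {
    DataCategory.CONTACT: "Jane Example, jane@example.com",
    DataCategory.PAYMENT: "card ending 4242",
    DataCategory.HEALTH: "allergy: penicillin",
    DataCategory.CRIMINAL_RECORD: "none",
}


def demo():
    """A support user reads contact details, then is refused the sensitive fields."""
    audit = AuditLog()
    allowed = read_field(SAMPLE_RECORD, "alice", "support",
                         DataCategory.CONTACT, audit)
    denied = 0
    for category in (DataCategory.HEALTH, DataCategory.CRIMINAL_RECORD,
                     DataCategory.PAYMENT):
        try:
            read_field(SAMPLE_RECORD, "alice", "support", category, audit)
        except PermissionError:
            denied += 1
    return allowed, denied, suspicious_users(audit)


if __name__ == "__main__":
    print(demo())
```

The permission table is deliberately an allow-list: anything not granted is refused, which is what ‘restricted only to the employees that need access’ means in practice. The denial log is the hook for the monitoring the article mentions; three refusals from one account in a short window is the kind of pattern worth a second look.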


3. Implement a Data Breach Response Plan

You should have a data breach response plan in place. The plan should set out how to deal with a breach and mitigate the damage. This is important to ensure your business complies with the mandatory data breach notification scheme in Australia.

Businesses within the scope of this scheme need to notify customers affected by an eligible data breach. Failure to notify may result in significant administrative penalties.

Key Takeaways

You should take the security of your customers’ information seriously by choosing a reliable hosting provider with a responsive, cooperative team and good security measures. On your end, you should restrict access to customer files in your database, so employees have access only when necessary.

Finally, consider implementing a data breach response plan so you know who to notify in the event of a data breach and what measures you should take to mitigate damage. If you have any questions, contact LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page.

Chloe Sevil
