By Tracy Miller | Sep 07, 2018 | External CFO | News

Hello,

We are committed to being responsible data custodians, protecting your privacy and ensuring that your personal information does not get misused. We take our obligations to you seriously and understand how important it is that your personal information is kept secure and not disclosed to any unauthorised entities or used for any unauthorised purposes. We also understand and respect that, in the event of a notifiable data breach, you are entitled to be made aware of this breach so you can take appropriate actions to protect yourself.

Our updated Privacy Policy (which we encourage you to read) went into effect on 22 February 2018 as part of our compliance with the Notifiable Data Breaches (NDB) scheme. The NDB scheme, under Part IIIC of the Privacy Act 1988 (Privacy Act), established requirements for entities in responding to data breaches.

Here’s a brief summary of the changes:

  • The firm-wide rollout of the Practice Protect technology tool, so all team members have secure, company-controlled access to applications through a single username and password with the additional security of 2-step authentication.
  • Data breach protection, metadata removal, failsafe redaction and/or password protection for confidential and personal information such as Tax File Numbers (TFNs) via DocsCorp. Passwords used to protect these documents will be the recipient’s date of birth (DOB) in the following format, e.g. 01JAN1980.
  • Policy document rollout and industry-recognised endorsement to minimise breach exposure, set clear guidelines for staff and/or third parties that need access to our systems, and provide the relevant information to clients.

If you have any queries or concerns, please reach out to us at service@keepingcompany.com.au

Furthermore, the measures we have put in place to protect your personal information and data include (but are not limited to):

  • The ability to apply two-step authentication (2SA) to access across all sensitive applications (not on an application-by-application basis)
  • Restrict remote access to specific locations and/or block overseas access to our systems
  • Track and monitor attempted access to our systems and identify suspicious activity
  • Log usage in an audit trail and retrospectively determine the suspected source of a breach to report to authorities. With this tool we can see what applications were accessed, when they were accessed and from where.
  • Terminate user access to all sensitive cloud applications by disabling a single user account
  • Remotely wipe mobile devices in the event they’re breached or lost, or the user associated with the device is terminated
  • We can restrict access to reasonable times such as business hours
  • We are able to share access to applications using a single user ID without having to divulge cloud app passwords to staff
  • Our staff only need to remember one single password to all sensitive applications, decreasing the risk associated with ‘password sprawl’
  • The ability to federate our identity systems so that desktops, servers and browser-based cloud applications are accessed via one single identity.

We have policies and documentation in place, including:

  • An IT and Internet usage policy that educates staff and sets expectations on best-practice password and access management
  • Third-party access agreements that govern and limit liability in the event a third party such as an IT contractor or outsourced provider should breach our data security policies
  • A privacy policy that makes clear how we manage client information
  • A data breach response plan that lays out the steps we take in the event of a breach and communicates our obligations under the Notifiable Breach Legislation
  • A specialist data security legal service contracted to support us in the event of a breach to ensure the appropriate remediation and notification steps are taken
  • A retainer-based engagement with a specialist cyber-security firm that provides guidance and best-practice systems to protect our clients’ privacy
  • A cloud best-practice certification that validates our firm as a responsible data custodian

We also have access to external advisors with expertise to handle privacy and data protection matters.
