We are committed to keeping secure the personal information you provide to us.
What you need to know
In order to ensure best practice security standards to protect our online communications and your personal information, both we and you have important and significant roles to play at each step of the way when you use our online services. These steps and the respective roles and obligations are outlined below.
Step 1: When you use your computer to access FirstNet via the internet.
It is important that you, and only you, are able to gain access to your accounts via your computer. To assist with protecting your information, WE:
- Issue you with an Member ID (OIN) and PIN
- Provide a secure way for you to enter your Member ID (OIN) and PIN
- Send your PIN only by mail to your registered address
- Automatically log you out of your account if you have been inactive for more than 30 minutes in the case of investors, and 3 hours in the case of advisers. This prevents unauthorised people from accessing your online investing session if you leave your PC unattended without logging out.
The easiest way for someone to gain unauthorised access to your personal information is by guessing, stealing or overlooking your password, rather than by accessing your password over the internet. To ensure our security measures work effectively, YOU must:
- Protect your Member ID (OIN) and PIN from access by others (don't write it down or store it on your computer)
- Never click on the browser pop-up option to "Auto-Complete - remember this password" when entering your Member ID (OIN) and PIN
- Regularly (ie, each month) change your PIN via FirstNet
- Not choose a PIN that can be easily associated with your obvious personal information
- Correctly log off from your accounts after accessing FirstNet
- Notify us immediately if you believe your PIN has been lost or stolen, or of any unauthorised use.
Step 2: Sending your personal information via the internet.
The information that we exchange via the internet must not be read or changed by unauthorised parties. To assist with this, WE:
- Provide the necessary technologies to enable us to exchange messages protected from access by unauthorised parties. This is achieved by using the strongest level of industry accepted encryption. Encryption is supported by Secure Sockets Layer technology.
- Continuously monitor the system for suspicious activity and immediately follow up on any detected issues. This includes the utilisation of technology, people and best practice processes which allows us to isolate the system in the event of detected risk or vulnerability.
To ensure our security measures work effectively, YOU must:
- Install the appropriate version of web browser, Microsoft Internet (version 7.0 or higher) or Mozilla Firefox
- Install and regularly use an up to date, recognised virus scanner. Some viruses may be able to obtain passwords, PINs and other personal information from your computer.
Step 3: Protecting our systems from the internet.
Our systems that are connected to the internet must be protected from unauthorised access. To assist with this, WE:
- Have installed a series of sophisticated firewalls that protect our systems. A firewall is a type of computer system that recognises and accepts messages or requests from desired parties and accepts only those with appropriate authorisation.
Step 4: Storing your data on our systems.
Your personal information stored on our systems must be protected from unauthorised access both from outside and within Colonial First State. To assist with this, WE:
- Provide physical and technical protection for the information storage systems
- Implement and enforce rigid guidelines and policies for our own use of personal information
- Provide access to allow you to update your information
- Ensure that for changes to critical information such as your address, we receive your written authorisation prior to making a change. You will also be able to do this via FirstNet soon.
To ensure our security measures work effectively, YOU:
- Must keep your personal information up to date.
Step 5: Collection of information via web site activity.
For statistical purposes we collect information on web site activity (such as the number of users who visit our web site, the date and time of visits, the number of pages viewed, navigation patterns, what country and what systems users have used to access the site and, when entering our web site from another web site, the address of that web site) through the use of our website log files.
This information on its own does not identify an individual but it does provide us with statistics that can be used to analyse and improve our web site. We may also collect your personal information via your use of online forms available through our web site.
When you use our FirstNet, we send you a temporary cookie that gives you a unique identification number. A different identification number is sent each time you use our web site. Cookies are used for the temporary storage of information that allows us to deliver online applications and customisation of the users of our web site.
To evaluate the effectiveness of our web site, we may use third parties to collect statistical data.
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please refer to your browser instructions or help screens to learn more about these functions. If you reject all cookies, you may not be able to use our web sites.
At the end of your interaction with our web site, the cookie "crumbles". This means it no longer exists on your computer and therefore it cannot be used for further identification or access to your computer.
Some commonly used security related terms
Encryption: information sent is coded using random mathematical "keys" in a technique that allows only you and us to easily unscramble the information. These keys are created each time you log onto our system, and are only used for the duration of the session.
Secure Sockets Layer (SSL): this technology allows us to communicate with you in a way that prohibits data transmission from being altered or disclosed. It provides encryption and authentication. Information is encrypted to prevent unauthorised disclosures. Information is then authenticated to ensure that it is being sent and received by the correct parties. SSL provides "message integrity" to prevent the information from being altered during interchanges between us and you. We use "128 bit" encryption which is at the highest and strongest level of encryption currently available online. For further information, you may wish to visit www.verisign.com.
Cookies: A 'cookie' is a packet of information that allows our applications to identify and interact more effectively with your computer. For further information, you may wish to visit www.w3.org.
For further information about the security related terms we have used in this statement you may wish to visit www.w3.org.