Personal Information Security

We are committed to keeping secure the personal information you provide to us. We take all reasonable precautions to protect the personal information we hold about you from misuse and loss and from unauthorised access, modification or disclosure.

We have a range of physical and technology policies in place to provide a robust security environment. We ensure the ongoing adequacy of these measures by regularly reviewing them. Our security measures include, but are not limited to:

  • restricting access to our computer systems and physical records to authorised persons and preventing users from accessing information they have no need to access;
  • requiring employees to use unique passwords to gain access to systems. These passwords are changed regularly and their use is independently monitored;
  • encrypting data sent from your computer to our systems during internet transactions and customer access codes transmitted across networks;
  • employing firewalls, intrusion detection systems and virus scanning tools to prevent unauthorised persons and viruses from entering our systems;
  • using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;
  • providing secure storage for physical records; and
  • detecting and preventing unauthorised access to buildings by employing physical and electronic means such as alarms, cameras and guards as required. Where information we hold is identified as no longer needed for any purpose we ensure it is effectively and securely destroyed.

Email security

Receiving communications by email? Things to be aware of.
Email is a fast, convenient and environmentally friendly way to receive your Colonial First State communications. Set out below are some of the steps that Colonial First State is taking to help keep your email communications reliable and secure, together with some tips for you to consider.

Ensuring the security of your personal information
In the unlikely event that correspondence we email you is intercepted by someone else, key aspects of your personal information may be 'masked'.

Some of the details that may be masked include your address, online identity number (OIN), tax file number, salary and smoking status. In place of this information will be the '*' character.

Your Colonial First State account number and your bank account number may also be masked, except for the last three digits.

Your date of birth will display the year you were born, while the day and month may be masked.

Masking details is not possible when it is an ad-hoc request. An ad-hoc request is when email is not the preferred communication choice and you advise us to send document/information via email on a one off basis.

Ensuring our emails are delivered to you
There may be occasions when we can’t deliver an email to your inbox. For example, there may be a problem with your email server, your mailbox box may be full or the email communication may be affected by a telecommunications failure. When we can’t deliver an email to your inbox, we will mail you a paper copy instead. If you don’t receive correspondence, either by email or post, in a reasonable period of time, call us on 13 13 36.

Also, we encourage you to check that your spam filters are not blocking Colonial First State emails.

Ensuring your email address is current
In order to receive your Colonial First State communications by email, your email address needs to be current. There are a number of ways you can update your email address with us.

PhoneCall us on 13 13 36
FirstNetLog into FirstNet then select [Change my details]
PostWrite to us at Colonial First Sate, GPO 3956, NSW 2001

Ensuring you can open our attachments
Some of the correspondence we email you will be in the form of an attachment. You will need Adobe Reader software to open these attachments. It’s possible you already have this software on your computer. However, if you don’t have this software, click on the following link to install it.

Get Adobe Reader

Ensuring you follow safe computing practices
We encourage that you follow safe computing practices and to consider the following tips.
  • Password protect your computer to stop others accessing your email. Safeguard any computer-related passwords.
  • Never click on an email that asks you to login or asks for personal information. Colonial First State will never send you an email containing such requests.
  • Use email spam filters to help protect you from receiving hoax/spam emails. Anti-virus/anti-spam software and Internet Service Providers (ISPs) now offer email spam filtering services. These spam filtering services intercept many hoax emails preventing them from reaching your email inbox. You may need to contact your ISP either by telephone or via their website in order to activate spam filtering on your email account. You should check that your or your ISP's spam filters are not blocking Colonial First State emails.
  • Avoid opening, running, installing or using programs/files you have obtained from a person or organisation that you do not know you can trust. Be particularly careful of unsolicited emails containing file attachments.
  • Always scan new programs/files for viruses and spyware before and after opening, running, installing or using them.
  • To help keep emails secure, you should always maintain up-to-date versions of firewalls, anti-virus, anti-spam, anti-spyware, anti-phishing and other security software and tools. A number of vendors provide such products. You should also download and install the most up-to-date patches and fixes for the operating system and other software that you use on your computer.

Online security

In order to ensure best practice security standards to protect our online communications and your personal information, both we and you have important and significant roles to play at each step of the way when you use our online services. These steps and the respective roles and obligations are outlined below.

Step 1: when you use your computer to access FirstNet via the internet.

It is important that you, and only you, are able to gain access to your accounts via your computer. To assist with protecting your information, WE:

  • issue you with an online identity number and PIN
  • provide a secure way for you to enter your online identity number and PIN
  • send your PIN only by mail to your registered address
  • automatically log you out of your account if you have been inactive for more than 30 minutes in the case of investors, and 3 hours in the case of advisers. This prevents unauthorised people from accessing your online investing session if you leave your PC unattended without logging out.

The easiest way for someone to gain unauthorised access to your personal information is by guessing, stealing or overlooking your password, rather than by accessing your password over the internet. To ensure our security measures work effectively, YOU must:

  • protect your online identity number and PIN from access by others (don't write it down or store it on your computer)
  • never click on the browser pop-up option to "Auto-Complete - remember this password" when entering your OIN and PIN
  • regularly (ie, each month) change your PIN via FirstNet
  • not choose a PIN that can be easily associated with your obvious personal information
  • correctly log off from your accounts after accessing FirstNet
  • notify us immediately if you believe your PIN has been lost or stolen, or of any unauthorised use.

Step 2: sending your personal information via the internet

The information that we exchange via the internet must not be read or changed by unauthorised parties. To assist with this, WE:

  • provide the necessary technologies to enable us to exchange messages protected from access by unauthorised parties. This is achieved by using the strongest level of industry accepted encryption. Encryption is supported by Secure Sockets Layer technology.
  • continuously monitor the system for suspicious activity and immediately follow up on any detected issues. This includes the utilisation of technology, people and best practice processes which allows us to isolate the system in the event of detected risk or vulnerability.

To ensure our security measures work effectively, YOU must:

  • install the appropriate version of web browser, Microsoft Internet (version 7.0 or higher) or Mozilla Firefox.
  • Install and regularly use an up to date, recognised virus scanner. Some viruses may be able to obtain passwords, PINs and other personal information from your computer.

Step 3 - protecting our systems from the internet

Our systems that are connected to the internet must be protected from unauthorised access. To assist with this, WE:

  • have installed a series of sophisticated firewalls that protect our systems. A firewall is a type of computer system that recognises and accepts messages or requests from desired parties and accepts only those with appropriate authorisation.

Step 4 - storing your data on our systems

Your personal information stored on our systems must be protected from unauthorised access both from outside and within Colonial First State. To assist with this, WE:

  • provide physical and technical protection for the information storage systems
  • implement and enforce rigid guidelines and policies for our own use of personal information
  • provide access to allow you to update your information
  • ensure that for changes to critical information such as your address, we receive your written authorisation prior to making a change. You will also be able to do this via FirstNet soon.

To ensure our security measures work effectively, YOU:

  • must keep your personal information up to date.

Step 5 - Collection of information via web site activity

For statistical purposes we collect information on web site activity (such as the number of users who visit our web site, the date and time of visits, the number of pages viewed, navigation patterns, what country and what systems users have used to access the site and, when entering our web site from another web site, the address of that web site) through the use of our website log files. This information on its own does not identify an individual but it does provide us with statistics that can be used to analyse and improve our web site. We may also collect your personal information via your use of online forms available through our web site.

When you use our FirstNet, we send you a temporary cookie that gives you a unique identification number. A different identification number is sent each time you use our web site. Cookies are used for the temporary storage of information that allows us to deliver online applications and customisation of the users of our web site.

To evaluate the effectiveness of our web site, we may use third parties to collect statistical data.

You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please refer to your browser instructions or help screens to learn more about these functions. If you reject all cookies, you may not be able to use our web sites.

At the end of your interaction with our web site, the cookie "crumbles". This means it no longer exists on your computer and therefore it cannot be used for further identification or access to your computer.

Some commonly used security related terms

Encryption: information sent is coded using random mathematical "keys" in a technique that allows only you and us to easily unscramble the information. These keys are created each time you log onto our system, and are only used for the duration of the session.

Secure Sockets Layer (SSL): this technology allows us to communicate with you in a way that prohibits data transmission from being altered or disclosed. It provides encryption and authentication. Information is encrypted to prevent unauthorised disclosures. Information is then authenticated to ensure that it is being sent and received by the correct parties. SSL provides "message integrity" to prevent the information from being altered during interchanges between us and you. We use "128 bit" encryption which is at the highest and strongest level of encryption currently available online. For further information, you may wish to visit

Cookies: A 'cookie' is a packet of information that allows our applications to identify and interact more effectively with your computer. For further information, you may wish to visit

For further information about the security related terms we have used in this statement you may wish to visit

  Financial Services Guide | Terms of Use | Privacy | Security | Complaints
Copyright © 2021 all rights reserved Colonial First State Investments Limited ABN 98 002 348 352, AFS Licence 232468 (Colonial First State).