Personal Information Security
We are committed to keeping secure the personal information you provide to
us. We take all reasonable precautions to protect the personal information we
hold about you from misuse and loss and from unauthorised access, modification
We have a range of physical and technology policies in place to provide a robust
security environment. We ensure the ongoing adequacy of these measures by
regularly reviewing them. Our security measures include, but are not limited
- restricting access to our computer systems and physical records to authorised
persons and preventing users from accessing information they have no need to
- requiring employees to use unique passwords to gain access to systems. These
passwords are changed regularly and their use is independently monitored;
- encrypting data sent from your computer to our systems during internet
transactions and customer access codes transmitted across networks;
- employing firewalls, intrusion detection systems and virus scanning tools to
prevent unauthorised persons and viruses from entering our systems;
- using dedicated secure networks or encryption when we transmit electronic data
for purposes of outsourcing;
- providing secure storage for physical records; and
- detecting and preventing unauthorised access to buildings by employing physical
and electronic means such as alarms, cameras and guards as required. Where
information we hold is identified as no longer needed for any purpose we ensure
it is effectively and securely destroyed.
Receiving communications by email? Things to be aware of.
Email is a fast, convenient and environmentally friendly way to receive your Colonial First State communications. Set out below are some of the steps that Colonial First State is taking to help keep your email communications reliable and secure, together with some tips for you to consider.
Ensuring the security of your personal information
In the unlikely event that correspondence we email you is intercepted by someone else, key aspects of your personal information may be 'masked'.
Some of the details that may be masked include your address, online identity number (OIN), tax file number, salary and smoking status. In place of this information will be the '*' character.
Your Colonial First State account number and your bank account number may also be masked, except for the last three digits.
Your date of birth will display the year you were born, while the day and month may be masked.
Masking details is not possible for an ad-hoc request. An ad-hoc request is when email is not your preferred communication choice and you advise us to send a document or information via email on a one-off basis.
Ensuring our emails are delivered to you
There may be occasions when we can’t deliver an email to your inbox. For example, there may be a problem with your email server, your mailbox may be full or the email communication may be affected by a telecommunications failure. When we can’t deliver an email to your inbox, we will mail you a paper copy instead. If you don’t receive correspondence, either by email or post, in a reasonable period of time, call us on 13 13 36.
Also, we encourage you to check that your spam filters are not blocking Colonial First State emails.
Ensuring your email address is current
In order to receive your Colonial First State communications by email, your email address needs to be current. There are a number of ways you can update your email address with us.
- Phone: Call us on 13 13 36
- FirstNet: Log in to FirstNet then select [Change my details]
- Post: Write to us at Colonial First State, GPO 3956, NSW 2001
Ensuring you can open our attachments
Some of the correspondence we email you will be in the form of an attachment. You will need Adobe Reader software to open these attachments. It’s possible you already have this software on your computer. However, if you don’t have this software, click on the following link to install it.
Ensuring you follow safe computing practices
We encourage you to follow safe computing practices and to consider the following tips.
- Password protect your computer to stop others accessing your email. Safeguard any computer-related passwords.
- Never click on an email that asks you to log in or asks for personal information. Colonial First State will never send you an email containing such requests.
- Use email spam filters to help protect you from receiving hoax/spam emails. Anti-virus/anti-spam software and Internet Service Providers (ISPs) now offer email spam filtering services. These spam filtering services intercept many hoax emails preventing them from reaching your email inbox. You may need to contact your ISP either by telephone or via their website in order to activate spam filtering on your email account. You should check that your or your ISP's spam filters are not blocking Colonial First State emails.
- Avoid opening, running, installing or using programs/files you have obtained from a person or organisation that you do not know you can trust. Be particularly careful of unsolicited emails containing file attachments.
- Always scan new programs/files for viruses and spyware before and after opening, running, installing or using them.
- To help keep emails secure, you should always maintain up-to-date versions of firewalls, anti-virus, anti-spam, anti-spyware, anti-phishing and other security software and tools. A number of vendors provide such products. You should also download and install the most up-to-date patches and fixes for the operating system and other software that you use on your computer.
In order to ensure best practice security standards to protect our online
communications and your personal information, both we and you have important
and significant roles to play at each step of the way when you use our online
services. These steps and the respective roles and obligations are outlined
Step 1: when you use your computer to access FirstNet via the internet.
It is important that you, and only you, are able to gain access to your accounts
via your computer. To assist with protecting your information, WE:
- issue you with an online identity number and PIN
- provide a secure way for you to enter your online identity number and PIN
- send your PIN only by mail to your registered address
- automatically log you out of your account if you have been inactive for more
than 30 minutes in the case of investors, and 3 hours in the case of advisers.
This prevents unauthorised people from accessing your online investing session
if you leave your PC unattended without logging out.
The easiest way for someone to gain unauthorised access to your personal
information is by guessing, stealing or overlooking your password, rather than
by accessing your password over the internet. To ensure our security measures
work effectively, YOU must:
- protect your online identity number and PIN from access by others (don't write
it down or store it on your computer)
- never click on the browser pop-up option to "Auto-Complete - remember this password" when entering your OIN and PIN
- regularly (i.e. each month) change your PIN via FirstNet
- not choose a PIN that can be easily associated with your obvious personal
- correctly log off from your accounts after accessing FirstNet
- notify us immediately if you believe your PIN has been lost or stolen, or of
any unauthorised use.
Step 2: sending your personal information via the internet
The information that we exchange via the internet must not be read or changed by
unauthorised parties. To assist with this, WE:
- provide the necessary technologies to enable us to exchange messages protected
from access by unauthorised parties. This is achieved by using the strongest
level of industry accepted encryption. Encryption is
supported by Secure Sockets Layer technology.
- continuously monitor the system for suspicious activity and immediately follow
up on any detected issues. This includes the utilisation of technology, people
and best practice processes which allows us to isolate the system in the event
of detected risk or vulnerability.
To ensure our security measures work effectively, YOU must:
- install an appropriate version of a web browser: Microsoft Internet Explorer (version 7.0 or higher) or Mozilla Firefox.
- install and regularly use an up-to-date, recognised virus scanner. Some viruses may be able to obtain passwords, PINs and other personal information from your computer.
Step 3 - protecting our systems from the internet
Our systems that are connected to the internet must be protected from
unauthorised access. To assist with this, WE:
- have installed a series of sophisticated firewalls that protect our systems. A
firewall is a type of computer system that recognises and accepts messages or
requests from desired parties and accepts only those with appropriate
Step 4 - storing your data on our systems
Your personal information stored on our systems must be protected from
unauthorised access both from outside and within Colonial First State. To
assist with this, WE:
- provide physical and technical protection for the information storage
- implement and enforce rigid guidelines and policies for our own use of
- provide access to allow you to update your information
- ensure that for changes to critical information such as your address, we
receive your written authorisation prior to making a change. You will also be
able to do this via FirstNet soon.
To ensure our security measures work effectively, YOU:
- must keep your personal information up to date.
Step 5 - Collection of information via web site activity
For statistical purposes we collect information on web site activity (such
as the number of users who visit our web site, the date and time of visits, the
number of pages viewed, navigation patterns, what country and what systems
users have used to access the site and, when entering our web site from another
web site, the address of that web site) through the use of our website log
files. This information on its own does not identify an individual but it does
provide us with statistics that can be used to analyse and improve our web
site. We may also collect your personal information via your use of online
forms available through our web site.
When you use FirstNet, we send you a temporary cookie that gives you a
unique identification number. A different identification number is sent each
time you use our web site. Cookies are used for the temporary storage of
information that allows us to deliver online applications and customisation of
the users of our web site.
To evaluate the effectiveness of our web site, we may use third parties to
collect statistical data.
You can configure your browser to accept all cookies, reject all cookies, or
notify you when a cookie is sent. Please refer to your browser instructions or
help screens to learn more about these functions. If you reject all cookies,
you may not be able to use our web sites.
At the end of your interaction with our web site, the cookie "crumbles".
This means it no longer exists on your computer and therefore it cannot be used
for further identification or access to your computer.
Some commonly used security related terms
Encryption: information sent is coded
using random mathematical "keys" in a technique that allows only you and us to
easily unscramble the information. These keys are created each time you log
onto our system, and are only used for the duration of the session.
Secure Sockets Layer (SSL): this technology allows us
to communicate with you in a way that prohibits data transmission from being
altered or disclosed. It provides encryption and authentication. Information is
encrypted to prevent unauthorised disclosures. Information is then
authenticated to ensure that it is being sent and received by the correct
parties. SSL provides "message integrity" to prevent the information from being
altered during interchanges between us and you. We use "128 bit" encryption
which is at the highest and strongest level of encryption currently available
online. For further information, you may wish to visit
Cookies: A 'cookie' is a packet of information
that allows our applications to identify and interact more effectively with
your computer. For further information, you may wish to visit
For further information about the security related terms we have used in this
statement you may wish to visit www.w3.org.