Keeping your customers' information safe

Keeping your customers' business or personal information safe from unauthorised use, loss or disclosure is vitally important, as it has the potential to negatively impact your business and customers.

What is personal information?

The information you collect about your customers may include their names, addresses, phone numbers, bank details and credit card numbers. These are all types of personal information. Business owners are responsible for protecting their customers' personal information, and for securely destroying or de-identifying it when it's no longer needed.

How does a data breach happen?

A data breach incident can occur in a number of ways, including:

  • Having an unsecure IT system which is susceptible to malicious hacking
  • Throwing out paper records which contain a customer's personal information without properly destroying the records
  • Leaving a customer's personal information on the bus
  • Leaving a customer's personal information in a car, which is then stolen

How can I keep my customers' personal information secure?

There are steps that you can take to decrease the risk of a data breach incident happening at your business. These include:

  • Secure transfer of information e.g. on a secure file transfer system, not via email
  • Ensuring your business has a privacy policy and that it is kept up to date
  • Conducting a risk assessment to make sure that your employees only have access to your customers' personal information if it's required for them to do their job, and ensuring that such access is regularly reviewed to ensure it’s still valid
  • Ensuring any personal information is securely stored and destroyed correctly when it is no longer needed
  • Using appropriate password controls, and updating passwords regularly
  • Making sure that your staff and business partners are aware of the businesses' privacy obligations - privacy is everyone’s responsibility

To find out more information on how to deal with a cyber security problem as a business or individual visit Cert NZ.

Signals publications

ASB's Cyber Security publication, Signals, aims to empower businesses with unique insights into the cyber threat environment and provide advice to ensure a robust defence.

Keep reading

What's next for your business?