How MiClub protects user data
Posted: 21st May 2019 in About us, Latest news
As a provider of golf and club management software, MiClub is responsible for processing user data for thousands of people all over Australia. This is why we would like to take some time to share how we protect this information.
Data security is a big topic, especially following the Cambridge Analytica scandal in 2018. Over 50 million Facebook users had their data exposed. This event raised global awareness on the importance of privacy. Businesses in Australia must comply with the Australian Privacy Act 1988 and the Notifiable Data Breaches (NDB) Scheme when managing and processing personal information. Under Australian privacy laws, a business must notify individuals and the office of the Australian Information Commissioner (AIC) when there has been unauthorised access or disclosure of personal data if this breach could cause serious harm to the individual.
What personal information does MiClub process and how is it used?
MiClub only stores and processes personal information necessary to provide our products and services. This includes contact information for members and public players used in golf or membership management systems. First and last names, addresses, emails and phone numbers. Registered user information for TeeNet or MiTournament websites. MiClub does not collect any sensitive personal information relating to health, race, relationships or personal finances. The data we process is used to enhance our products and services, investigate complaints and send communications via direct marketing. Client contact information is also processed for customer relationship management.
You can read more about MiClub’s privacy policy on our website.
How does MiClub protect personal information?
MiClub has a number of processes and technical systems in place to protect personal data including;
1. Organisational policy
To prevent human error or misuse of information MiClub has clear privacy and data protection policies. These are implemented throughout all organisational departments. Employees are aware of appropriate use of sensitive information when conducting regular business activities.
2. Data storage
We store this data on servers located in Australia under multiple layers of security to prevent breaches from malicious attacks. Bio-metric security devices and firewalls are in place to limit access to a select few individuals who are responsible for maintaining servers.
3. HTTPS
MiClub uses HTTPS encryption as an extra layer of security to prevent malicious attacks online. This safeguard is used when transferring data between web browsers and websites. HTTPS encryption is commonly used for online shopping transactions or other websites that require a high level of security.
4. User authentication
Multiple incorrect login attempts will result in an IP block for 2 minutes. This protects against brute force online or denial of service attacks. Member and Administrator passwords also have a high password strength requirement, containing one lower and uppercase character, a number and minimum length.
5. Reporting and monitoring
Activity log reports are accessible to MiClub root administrators. These reports show user activity which can help identify breaches in security.
6. Destruction
In the event data is no longer needed, information is safely disposed of to protect privacy.
How golf clubs can help protect personal information
There are several ways you can actively help protect personal customer information:
- Have appropriate privacy and data protection policies in place.
- Train staff on correct practice when handling personal information.
- Don’t use generic logins like “admin”!
- Set a strong password with a minimum of 8 character, a mix of upper and lower-case letters, numbers and special characters.
- Do not share your username or password with anyone.
- Restrict staff access to sensitive personal information.
- Remove outdated administrator accounts for terminated staff members.
- Destroy outdated member data or sensitive documentation.