FAQs

How does AV Membership protect my personal information?


Your personal details are kept in our secured database.  We run regular audits to ensure all information has been accessed by approved agents only. Any changes made within a record are required to have an audit trail with timestamp and user log for traceability.
 
We actively monitor for system breeches and compromised credentials or accounts in partnership with the Australian Cyber Security Centre (ACSC). This process involves the notification of any suspected data privacy breach or credential leak.
 
You must create a password to access your online membership record and 3 points of ID are required when you contact the Membership Service Centre. Third parties cannot access information without authorisation, verbally or in writing from the owner of the membership.

We upgraded our banking system to increase security measures when processing payments.  This change has greatly increased the security and privacy of managing membership payments as we no longer hold credit card details in our database, but instead communicate directly with our banking partner to manage the payments.  Credit card details are encrypted and only the last four digits of the card are visible to allow for validation and updating as required. PayPal was also introduced in 2019.

Furthermore, consultants who work out of our Membership Service Centre (located in William Street, Melbourne) are monitored at all times by team leaders and do not have access to pens or paper when taking calls.  AV’s (ROD) phone system also blanks out credit card payments on recorded calls so that your payment information is not recorded.
 
What happens if there is a data breach?
 
Data breaches will be dealt with on a case by case basis, by undertaking an assessment of the risks involved and using that risk assessment to decide on an appropriate course of action.  We will take action as listed in the four steps below:

Step 1: Immediately contain breach & perform preliminary assessment
  • Ensure evidence is preserved that may be valuable in determining the cause of the breach
  • Consider developing a communications or media strategy to manage public expectations and media interest
Step 2: Evaluate the risks for individuals associated with the breach including
  • the type of personal information involved in the breach
  • how the breach was discovered and by whom
  • a list of the affected individuals, or possible affected individuals
Step 3: Consider breach notification
  • Inform Data Breach Response Team (DBRT) of breach and action response plan
  • Determine who needs to be made aware of the breach (internally, and potentially externally) at this preliminary stage
  • Determine whether to notify affected individuals
  • Consider whether others should be notified, including police/law enforcement
Step 4: Review the incident and take action to prevent future breaches
  • Fully investigate the cause of the breach
  • Provide DBRT with full details of breach and actions taken.
  • Update security and response plan if necessary
  • Consider the option of an audit to ensure necessary outcomes are effected.
Our Incident Response Plan will be modified according to lessons learned after each data security incident, and to incorporate industry developments, so that the plan is current and capable of handling emerging threats and security trends.
 
For more information regarding what AV Membership does with your data - click here
For more information around deleting data - click here

Back To FAQs
Back To FAQ Search

Was this answer helpful?