Product safety and data privacy
We are committed to providing consumers with safe products and protecting their privacy.
All of the consumer products we supply must be safe and meet consumer guarantees under the consumer laws of the countries where we operate. We ensure that all our products comply with relevant mandatory standards before they are offered for sale and we do not sell banned products. As well as safety testing and compliance with required standards, our divisions implement product recalls where possible safety issues may arise.
During the year as part of our materiality process data privacy emerged as a key material issue for Wesfarmers and its businesses. We are committed to complying with the Australian Privacy Act and all relevant legislation.
We have systems and procedures in place to protect customer and employee information and acknowledge that privacy protection requires ongoing significant resources. This remains a high priority.
During the year we continued to implement a number of controls to minimise risk, including enhanced monitoring and vulnerability testing of our systems and procedures.
In June 2018, Coles, Kmart, Target and Officeworks were among a large number of Australian businesses which were notified that a data security incident at technology provider PageUp may have involved personal data of some candidates, their referees and team members, as PageUp provided them with software services used in recruitment and employment. All our affected businesses responded swiftly to the incident, including suspending job portals for further recruitment, until satisfactory and independent assurances were received that the system was secure to use.
While PageUp was unable to confirm who may have been specifically affected, current and past job applicants who might have been affected were informed as a precaution and advised what action they should take. Wesfarmers businesses’ also engaged with the Australian Government’s Joint Cybersecurity Centre, the Office of the Australian Information Commissioner and other data security bodies and experts to understand the extent of the issue, risk management and data protection options.
GRI 417-1, GRI 103-1, GRI 103-2, GRI 103-3, GRI 418-1