Data and IT security

We are committed to protecting our customers privacy.

CyberSecurity POD

Wesfarmers is committed to complying with the laws governing privacy and data security and acting in an ethical manner with honesty, integrity, fairness and accountability.

Wesfarmers’ Code of Conduct and Group Policies apply to all team members across the Group and outlines guiding principles on privacy, confidentiality, record keeping and the use of, and access to, the Group’s assets and information systems. The Group also has policies relating to privacy and information technology.

Consistent with the Group’s continuing focus on accelerating its data and digital capabilities, privacy and data security are a high priority.

During the year, the Group continued working on enhancing its data privacy and security processes. This work included a review of privacy law compliance and development of data ethics principles. It also included the strengthening of cyber threat detection and response capabilities and further development of data protection processes including a Group risk management solution for IT vendors and minimum standards on cyber-security. The Group established quarterly reporting on cyber-security matters to divisional and Group Audit and Risk Committees and expanded the remit of the Data and Digital Steering Committee to include reviews of key data analytics projects. The Corporate Office conducted cyber-security training and created new roles focussed on data management and data and digital policy.

In the coming year, the Group will continue developing its systems and data governance frameworks, including in the areas of privacy assessment and training, and reviews of data analytics projects and data management and security.

GRI 103-1, GRI 103-2, GRI 103-3, GRI 413-2, GRI 418-1