Data and cyber security

We are committed to data protection.


Data and cyber security

As expectations about data protection evolve, Wesfarmers remains committed to being a trusted and responsible custodian of customer and team member data.

As expectations on the protection of data evolve rapidly, Wesfarmers remains committed to being a trusted and responsible custodian of the customer and team member data we hold. We are continuing to invest in data and digital assets and capabilities, with this investment underpinned by our core values of integrity, accountability and openness. Across the Group, our teams collaborate on data privacy, cyber security, information technology and advanced analytics, including with external innovators, researchers and strategic partners.

During the year, the Group enhanced its privacy frameworks, processes and resourcing, including through initiatives to:

  • update privacy policies, privacy hubs and preference centres
  • improve privacy impact assessments, de-identification frameworks and controls, and
  • increase focus on privacy-by-design including during digital product development.

The Group maintains a data governance framework, including a data governance policy. This policy aligns standard foundational data types to a Group data classification scheme. This approach helps to support the strategic value of our data assets while balancing security, integrity, compliance and reputational issues inherent in collecting, using, retaining, sharing and destroying or deleting data.

Where customer cardholder data is managed or handled, the divisions continue to demonstrate Payment Card Industry Data Security Standard assurance. During the year, our businesses implemented various customer data initiatives. These included enhancements to security monitoring through security operations centres and web security protective controls.

Wesfarmers has enhanced technology‑related governance to include the appropriate use of generative AI, new cyber security awareness programs and introduced an algorithmic impact assessment process.

We continue to participate in industry and government consultations to support cyber security resilience and enable safe use of emerging technologies. Across our businesses and supply chains, we continue to observe and respond to a heightened, active cyber threat landscape, globally and locally – with a focus on geopolitical tensions, rapid technology development and increased regulator interest.

GRI 3-3, GRI 413-2, GRI 418-1