Assessment of Wesfarmers Limited's Privacy Policy Compliance
VerifiedAdded on 2023/06/12
|9
|2222
|61
Report
AI Summary
This report examines Wesfarmers Limited's privacy policy in relation to the Australian Privacy Act of 1988, focusing on the thirteen Australian Privacy Principles. It compares Wesfarmers' policy with the Act, identifies limitations concerning the disclosure of personal information to third parties and the lack of specificity regarding exceptional conditions for data sharing. The report recommends providing a detailed list of authorized and unauthorized third-party recipients and clarifying the conditions under which personal information may be disclosed. It concludes that Wesfarmers' policy is generally compliant but requires these improvements for full adherence, suggesting amendments to the Act and continuous monitoring of the company's practices. The report further suggests informing stakeholders of the changes through electronic memos.
Australian Privacy Principles1
AUSTRALIAN PRIVACY PRINCIPLES
Student (Name)
Professor (Name)
College
Course
Date
AUSTRALIAN PRIVACY PRINCIPLES
Student (Name)
Professor (Name)
College
Course
Date
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Australian Privacy Principles2
AUSTRALIAN PRIVACY PRINCIPLES
Introduction
Unknown too many, the IT departments of organizations, just like any other departments,
can, depending on how they are managed, determine whether the organization stands or falls.
This is because, in the growing world of the internet, it is becoming increasingly crucial that
specific information about a company does not fall into the hands of the wrong people. IT
professionals have, therefore, to work harder than ever before. In this regard, the Australian
government came up with a set of rules and regulations to govern issues of privacy for
organizations and individuals, called the Privacy Act of 1988 (Adrian 2013).
In this report, we are going to examine the privacy policy of Wesfarmers Limited, an
Australian union with its headquarters in Perth, Western Australia, and one of the largest
business corporations in Australia. We will then compare the privacy policy of Wesfarmers
Limited to the Privacy Act of Australia. We will then seek to find out if there are any backdrops
of this company with relevance to the Privacy Act, or if there are areas that it goes beyond the
stipulations of the Act or both. Finally, we will make recommendations, if any, that can be
implemented by the company to ensure that it fully complies with the Act.
The Australian Privacy Act
The primary function of the Act is to regulate the handling of personal information. For
that reason, the first thing it does is stipulate a detailed and exhaustive definition of “personal
information” and what it entails (Caron et al. 2016). The Privacy act rests on the Australian
Privacy Principles, thirteen in total, from which it derives its authenticity. The primary areas that
the Act is concerned about are credit reporting, tax file numbers, and health and medical
AUSTRALIAN PRIVACY PRINCIPLES
Introduction
Unknown too many, the IT departments of organizations, just like any other departments,
can, depending on how they are managed, determine whether the organization stands or falls.
This is because, in the growing world of the internet, it is becoming increasingly crucial that
specific information about a company does not fall into the hands of the wrong people. IT
professionals have, therefore, to work harder than ever before. In this regard, the Australian
government came up with a set of rules and regulations to govern issues of privacy for
organizations and individuals, called the Privacy Act of 1988 (Adrian 2013).
In this report, we are going to examine the privacy policy of Wesfarmers Limited, an
Australian union with its headquarters in Perth, Western Australia, and one of the largest
business corporations in Australia. We will then compare the privacy policy of Wesfarmers
Limited to the Privacy Act of Australia. We will then seek to find out if there are any backdrops
of this company with relevance to the Privacy Act, or if there are areas that it goes beyond the
stipulations of the Act or both. Finally, we will make recommendations, if any, that can be
implemented by the company to ensure that it fully complies with the Act.
The Australian Privacy Act
The primary function of the Act is to regulate the handling of personal information. For
that reason, the first thing it does is stipulate a detailed and exhaustive definition of “personal
information” and what it entails (Caron et al. 2016). The Privacy act rests on the Australian
Privacy Principles, thirteen in total, from which it derives its authenticity. The primary areas that
the Act is concerned about are credit reporting, tax file numbers, and health and medical
Australian Privacy Principles3
research. Other legislation includes telecommunications, criminal records, government data
matching, anti-money laundering, personal property security register and healthcare identifiers
among others (Cate and Mayer-Schönberger 2013).
The privacy new policy is distributed across all the Australian organizations, companies,
businesses, firms, public and private institutions, stakeholders, and also to individuals. We will
look at the implementation of the new policy in Westfarmers Limited and see how the policy
relates with the Act and collect the feedback from the stakeholders.
How Westfarmers privacy policy compares to the Act
Let us then see if Wesfarmers Limited abides by the requirements of the Privacy Act.
First of all, their definition of ‘personal information’ is exactly as it is in the Act. Their policy
explains their methods of collection, storage, and disclosure of personal information and the
rights of stakeholders concerning correction and submission of complaints about the company's
treatment of personal information (Choo 2010). As per the policy, the type of information they
collect is mainly dependent on the rationale for collection, and the activity for which the
information is relevant.
The Privacy Policy of Wesfarmers Limited stipulates well the type of personal
information that they collect along with the underlying conditions. They collect the names and
contact details and communication records with shareholders, employees in their group of
companies, job applicants, their suppliers, their correspondents, and people who request updates
of information about the company through their website mailing list. They do not go against
section 6(1) of the Act, which outlines the type of personal information a company can take and
from whom.
research. Other legislation includes telecommunications, criminal records, government data
matching, anti-money laundering, personal property security register and healthcare identifiers
among others (Cate and Mayer-Schönberger 2013).
The privacy new policy is distributed across all the Australian organizations, companies,
businesses, firms, public and private institutions, stakeholders, and also to individuals. We will
look at the implementation of the new policy in Westfarmers Limited and see how the policy
relates with the Act and collect the feedback from the stakeholders.
How Westfarmers privacy policy compares to the Act
Let us then see if Wesfarmers Limited abides by the requirements of the Privacy Act.
First of all, their definition of ‘personal information’ is exactly as it is in the Act. Their policy
explains their methods of collection, storage, and disclosure of personal information and the
rights of stakeholders concerning correction and submission of complaints about the company's
treatment of personal information (Choo 2010). As per the policy, the type of information they
collect is mainly dependent on the rationale for collection, and the activity for which the
information is relevant.
The Privacy Policy of Wesfarmers Limited stipulates well the type of personal
information that they collect along with the underlying conditions. They collect the names and
contact details and communication records with shareholders, employees in their group of
companies, job applicants, their suppliers, their correspondents, and people who request updates
of information about the company through their website mailing list. They do not go against
section 6(1) of the Act, which outlines the type of personal information a company can take and
from whom.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Australian Privacy Principles4
The policy also says how the company collects personal information (Clarke 2009). The
primary method is direct collection from clients when they engage in various transactions with
the company, like corresponding or registering with them, or when providing feedback or
entering into agreements with them. Also, where circumstances dictate, they may collect
personal information from third parties. For instance, they may require the referees given by job
applicants to disclose personal information about the applicants. With the help of their service
providers, or at their secure storage locations, the information is stored electronically or, on rare
occasions, in hard copy.
The company collects and keeps personal information for various purposes. First is to
enable effective communication with shareholders when their payments are being processed, and
to ensure their compliance with legal obligations (Otlowski 2015). It further helps them to
correspond with people who contact them so they can send and receive feedback appropriately,
plus a series of other functions, all of which are in line with the postulates of the Australian
Privacy Act. Generally, as the policy states, the information is used for the primary application
for which it was intended, or for uses related to the primary purpose in a relevant manner, or for
exceptional conditions as laid out by the Privacy Act.
The Privacy policy of Wesfarmers Limited points out the reasons why they may need to
disclose personal information to third parties, and the specific third parties to who such kind of
data may be made available (Pardo and Siemens 2014). They only share such information when
it is a requirement by the law that they do so, or when they have obtained the full consent of the
person or group whose information they wish to disclose. Otherwise, they do not disclose any
personal information at all to anybody. And when they do, they do all they can to ensure that the
The policy also says how the company collects personal information (Clarke 2009). The
primary method is direct collection from clients when they engage in various transactions with
the company, like corresponding or registering with them, or when providing feedback or
entering into agreements with them. Also, where circumstances dictate, they may collect
personal information from third parties. For instance, they may require the referees given by job
applicants to disclose personal information about the applicants. With the help of their service
providers, or at their secure storage locations, the information is stored electronically or, on rare
occasions, in hard copy.
The company collects and keeps personal information for various purposes. First is to
enable effective communication with shareholders when their payments are being processed, and
to ensure their compliance with legal obligations (Otlowski 2015). It further helps them to
correspond with people who contact them so they can send and receive feedback appropriately,
plus a series of other functions, all of which are in line with the postulates of the Australian
Privacy Act. Generally, as the policy states, the information is used for the primary application
for which it was intended, or for uses related to the primary purpose in a relevant manner, or for
exceptional conditions as laid out by the Privacy Act.
The Privacy policy of Wesfarmers Limited points out the reasons why they may need to
disclose personal information to third parties, and the specific third parties to who such kind of
data may be made available (Pardo and Siemens 2014). They only share such information when
it is a requirement by the law that they do so, or when they have obtained the full consent of the
person or group whose information they wish to disclose. Otherwise, they do not disclose any
personal information at all to anybody. And when they do, they do all they can to ensure that the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Australian Privacy Principles5
person receiving the data has the capacity to protect and secure that information and use it only
for the purpose for which it was intended.
As we would expect, Wesfarmers Limited allows people whose personal information
they hold to access that information or request for its correction, provided they meet some
conditions. The company must first ascertain that the person seeking access is the rightful person
(Svantesson and Clarke 2010). This they do because they do not want to take chances with
confidentiality. They have provisions put in place for people who would like to give complaints
concerning their privacy policy. The claims can be submitted either electronically through an
email they have provided, or formally through writing and submission to their Privacy Officer.
Feedback collected.
The policy was good because it protected the people’s personal information from being
disclosed to the third parties. But on the other hand, it allowed the stakeholders to disclose the
personal information under some circumstances. This disclosure of people’s personal
information in spite of the conditions is a breach of their privacy.
Work Practices
The companies denies its stakeholders the rights to disclose personal information to the
third parties and if they have to do so under some defined circumstances, the company requires
that they must disclose this information only to people who can be entrusted to keep it private.
The above practice ensures that the privacy policy and procedures are applied and followed.
The organizational privacy requires that the company should only demand personal
information from job applicants, employees, shareholders, and other stakeholders when they
need to keep updating them about the actions of the company affecting them. With the help of
their service providers, or at their secure storage locations, the information is stored
person receiving the data has the capacity to protect and secure that information and use it only
for the purpose for which it was intended.
As we would expect, Wesfarmers Limited allows people whose personal information
they hold to access that information or request for its correction, provided they meet some
conditions. The company must first ascertain that the person seeking access is the rightful person
(Svantesson and Clarke 2010). This they do because they do not want to take chances with
confidentiality. They have provisions put in place for people who would like to give complaints
concerning their privacy policy. The claims can be submitted either electronically through an
email they have provided, or formally through writing and submission to their Privacy Officer.
Feedback collected.
The policy was good because it protected the people’s personal information from being
disclosed to the third parties. But on the other hand, it allowed the stakeholders to disclose the
personal information under some circumstances. This disclosure of people’s personal
information in spite of the conditions is a breach of their privacy.
Work Practices
The companies denies its stakeholders the rights to disclose personal information to the
third parties and if they have to do so under some defined circumstances, the company requires
that they must disclose this information only to people who can be entrusted to keep it private.
The above practice ensures that the privacy policy and procedures are applied and followed.
The organizational privacy requires that the company should only demand personal
information from job applicants, employees, shareholders, and other stakeholders when they
need to keep updating them about the actions of the company affecting them. With the help of
their service providers, or at their secure storage locations, the information is stored
Australian Privacy Principles6
electronically or, on rare occasions, in hard copy. The company then uses their information
security system to protect these information from the unauthorized people.
Limitations of West farmer’s privacy policy
In my opinion, the company policy has a few flaws, with regards to the Australian
Privacy Act, that they need to take care of. The first problem concerns the disclosure of personal
information to third parties (Wright and De Hert 2012). Although the company has pointed out
very well who is entitled to the personal information they hold and under what circumstances,
they have not said who is not. The Act requires that you indicate, where relevant, who is not
entitled to the personal information you sure and why.
Another limitation appertains to the exceptional conditions for which they share personal
information as stipulated by the Act. The Act requires that they should have written down the
exact situations or circumstances that may lead to sensitive personal information. Merely saying
that there are exceptional circumstances leaves one guessing what they might be, which is not
very pleasant.
Recommendations for mitigation of limitations
To ensure the organization fully complies with the act, first, they should provide a full,
detailed list of which third parties are cleared to receive the personal information they hold, and
who is not cleared (Kenny et al. 2012). This will take care of the first limitation discussed in the
preceding paragraph. The organization should communicate these changes with all their working
personnel and make them fully aware that they should provide a clear record of the list of the
third parties they should receive their personal information.
Secondly, they should provide a detailed list of conditions, including the exceptional
ones, which may compel them to disclose personal information to third parties. This way they
electronically or, on rare occasions, in hard copy. The company then uses their information
security system to protect these information from the unauthorized people.
Limitations of West farmer’s privacy policy
In my opinion, the company policy has a few flaws, with regards to the Australian
Privacy Act, that they need to take care of. The first problem concerns the disclosure of personal
information to third parties (Wright and De Hert 2012). Although the company has pointed out
very well who is entitled to the personal information they hold and under what circumstances,
they have not said who is not. The Act requires that you indicate, where relevant, who is not
entitled to the personal information you sure and why.
Another limitation appertains to the exceptional conditions for which they share personal
information as stipulated by the Act. The Act requires that they should have written down the
exact situations or circumstances that may lead to sensitive personal information. Merely saying
that there are exceptional circumstances leaves one guessing what they might be, which is not
very pleasant.
Recommendations for mitigation of limitations
To ensure the organization fully complies with the act, first, they should provide a full,
detailed list of which third parties are cleared to receive the personal information they hold, and
who is not cleared (Kenny et al. 2012). This will take care of the first limitation discussed in the
preceding paragraph. The organization should communicate these changes with all their working
personnel and make them fully aware that they should provide a clear record of the list of the
third parties they should receive their personal information.
Secondly, they should provide a detailed list of conditions, including the exceptional
ones, which may compel them to disclose personal information to third parties. This way they
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Australian Privacy Principles7
shall have removed any doubts and uncertainties in the minds of those whose personal
information they are in custody of. For this policy to be implemented in this company and also n
others, the Australian act needs to be amended to ensure that it provides a list of conditions under
which the stakeholders may be compelled to disclose personal information to third parties.
The company should inform all their employees about the improvement of the policies to
mitigate some of the risks associated with the privacy policy and their plan to keep these changes
fully operational. We will continuously follow up the company to ensure that it keeps these new
changes in practice. To inform the company stakeholders of the changes that would be made as I
have shown in the recommendations, I will write an electronic memo that would be sent to each
of the stakeholders’ emails.
Conclusion
Except for the two shortcomings we have found out, the privacy policy of Wesfarmers
Limited is generally good and in total compliance with the Australian Privacy Act (the Act).
shall have removed any doubts and uncertainties in the minds of those whose personal
information they are in custody of. For this policy to be implemented in this company and also n
others, the Australian act needs to be amended to ensure that it provides a list of conditions under
which the stakeholders may be compelled to disclose personal information to third parties.
The company should inform all their employees about the improvement of the policies to
mitigate some of the risks associated with the privacy policy and their plan to keep these changes
fully operational. We will continuously follow up the company to ensure that it keeps these new
changes in practice. To inform the company stakeholders of the changes that would be made as I
have shown in the recommendations, I will write an electronic memo that would be sent to each
of the stakeholders’ emails.
Conclusion
Except for the two shortcomings we have found out, the privacy policy of Wesfarmers
Limited is generally good and in total compliance with the Australian Privacy Act (the Act).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Australian Privacy Principles8
References
Adrian, A., 2013. How much privacy do clouds provide? An Australian perspective. Computer
Law & Security Review, 29(1), pp.48-57.
Caron, X., Bosua, R., Maynard, S.B. and Ahmad, A., 2016. The Internet of Things (IoT) and its
impact on individual privacy: An Australian perspective. Computer law & security review, 32(1),
pp.4-15.
Cate, F.H. and Mayer-Schönberger, V., 2013. Notice and consent in the world of Big Data.
International Data Privacy Law, 3(2), pp.67-73.
Choo, K.K.R., 2010. Cloud computing: challenges and future directions.
Clarke, R., 2009. Privacy impact assessment: Its origins and development. Computer law &
security review, 25(2), pp.123-135.
Kenny, R., Pierce, J., and Pye, G., 2012, January. Ethical considerations and guidelines in web
analytics and digital marketing: a retail case study. In AiCE 2012: Proceedings of the 6th
Australian Institute of Computer Ethics conference 2012 (pp. 5-12). Australian Institute of
Computer Ethics.
Otlowski, M.F., 2015. Disclosing genetic information to at-risk relatives: new Australian privacy
principles, but uniformity still elusive. The Medical journal of Australia, 202(6), pp.335-337.
Pardo, A. and Siemens, G., 2014. Ethical and privacy principles for learning analytics. British
Journal of Educational Technology, 45(3), pp.438-450.
References
Adrian, A., 2013. How much privacy do clouds provide? An Australian perspective. Computer
Law & Security Review, 29(1), pp.48-57.
Caron, X., Bosua, R., Maynard, S.B. and Ahmad, A., 2016. The Internet of Things (IoT) and its
impact on individual privacy: An Australian perspective. Computer law & security review, 32(1),
pp.4-15.
Cate, F.H. and Mayer-Schönberger, V., 2013. Notice and consent in the world of Big Data.
International Data Privacy Law, 3(2), pp.67-73.
Choo, K.K.R., 2010. Cloud computing: challenges and future directions.
Clarke, R., 2009. Privacy impact assessment: Its origins and development. Computer law &
security review, 25(2), pp.123-135.
Kenny, R., Pierce, J., and Pye, G., 2012, January. Ethical considerations and guidelines in web
analytics and digital marketing: a retail case study. In AiCE 2012: Proceedings of the 6th
Australian Institute of Computer Ethics conference 2012 (pp. 5-12). Australian Institute of
Computer Ethics.
Otlowski, M.F., 2015. Disclosing genetic information to at-risk relatives: new Australian privacy
principles, but uniformity still elusive. The Medical journal of Australia, 202(6), pp.335-337.
Pardo, A. and Siemens, G., 2014. Ethical and privacy principles for learning analytics. British
Journal of Educational Technology, 45(3), pp.438-450.
Australian Privacy Principles9
Svantesson, D. and Clarke, R., 2010. Privacy and consumer risks in cloud computing. Computer
law & security review, 26(4), pp.391-397.
Wright, D., & De Hert, P. (2012). Introduction to privacy impact assessment. In Privacy Impact
Assessment (pp. 3-32). Springer, Dordrecht.
Svantesson, D. and Clarke, R., 2010. Privacy and consumer risks in cloud computing. Computer
law & security review, 26(4), pp.391-397.
Wright, D., & De Hert, P. (2012). Introduction to privacy impact assessment. In Privacy Impact
Assessment (pp. 3-32). Springer, Dordrecht.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 9
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.