Wesfarmers Health - Data and cyber security

Community expectations regarding the collection, use and protection of personal information continue to evolve, especially where the data contains sensitive information and relates to the health and wellbeing of individuals.

Wesfarmers Health recognises the importance of establishing and maintaining the trust of those whose data it holds, maintaining community confidence and adhering to legal and regulatory standards.

Cyber security and data governance are critical to Wesfarmers Health’s operations and reputation.

During the year, Wesfarmers Health established a data governance framework, enhanced data governance and privacy impact assessment procedures and uplifted privacy and data literacy training. 

Key milestones achieved include:

• Establishment of the Wesfarmers Health Data Council.  The objective of the Council is to ensure that Wesfarmers Health data assets are optimised, effectively managed, secure, compliant and used responsibly and ethically. This objective is achieved by ensuring that Wesfarmers Health has appropriate systems and resources in place whilst establishing and enforcing policies, procedures and standards;
• Review and update of key internal data policies that govern the collection, storage, use, destruction and sharing of data across the Wesfarmers Health business: Data Classification Policy, Data Retention & Destruction Policy, Data Sharing Policy, Data Use Policy, Data Access Policy, Data Quality Policy; and
• Review and update of the Data Breach Response Plan in conjunction with the cyber security team to enable Wesfarmers Health, in the event of a data breach, to contain, assess and respond quickly and mitigate potential harm.
  

In the 2025 financial year, Wesfarmers Health will invest in further embedding data governance capability within team members and look at key areas of opportunity to further strengthen operational data controls.