Guest author Mazen Kassis, Head of Data and Analytics at Foodstuffs North Island with a duty to help embed good data and analytics and privacy practice across the 25,000 person-strong, 100% Kiwi-owned co-operative.

At Foodstuffs North Island (the Co-operative behind the PAK’nSAVE, New World, Four Square and Gilmours brands in the North Island), we are on a mission to help New Zealanders get more out of life by becoming one of the most customer-driven grocery retailers in the world. This means putting customers and their trust at the centre of decisions made across our organisation.

The theme of this year’s Privacy Week reminded us that one of the foundations of trust is privacy and it is important to ensure the trust of our customers by treating their personal information as precious and with respect.

It was in this spirit that we commemorated Privacy Week in 2022. We decided to build on the last year’s momentum by trying to do something novel and thought it may be worthwhile sharing our story in case others can benefit from learning about it.

What was the game plan for Privacy Week?

The idea was that, for each of the first four days of Privacy Week (9-12 May), we would share a practical real-world scenario. One scenario would be released each morning, enabling people to go over them and think about what they mean and how they would respond in a similar scenario. At the end of each day, we looked to release guidance about best practice in each scenario. This “best practice” would include reference to the relevant sections of the Privacy Act 2020 as well as some practical tips to think about dealing with the scenarios.

On the fifth and final day of Privacy Week, we scheduled a Q&A session, hosted by an influential member of the Executive team (our Chief Digital Officer) and panellists representing our Foodies Triangle of Trust – one of the terms we use to refer to our Legal, Information Security and Data teams. The session was a virtual, open forum in which anyone from Foodstuffs was welcome to join. One of the intentions of the scenarios was that they would get people thinking, such that they could come to the Q&A session better prepared with questions that we’d do our best to respond to in relation to data and privacy.

We designed a digital Privacy Portal to house all this content and enable us to assess, anonymously, levels of engagement (e.g., page views, links opened, etc.). In addition to the above referenced content, the Portal included a fun and friendly educational video we put together to mark the occasion, which you can check out here.

What were some learnings?

  • The more relevant and real-world applicable the privacy scenarios, the higher the level of general engagement.
  • Simplicity in message trumps completeness.
  • Planning and then bringing to life meaningful content takes time, so plan ahead.
  • Sponsorship, promotion and/or involvement from senior stakeholders helps boost image and profile of content and events.
  • Approach to content and attitude responding to questions can make or break things, so aim to keep things friendly and make people feel safe that they could ask virtually anything, across a variety of engagement channels.

We’re certainly looking forward to next year’s event and to continuing this critical work, every day.

source: Office of the Privacy Commissioner