Share, Comply and Thrive: how to share information legally to fight crime

Gavin Smith, Allens Lawyers

We’re fortunate to be living in a time where there is meaningful, substantive debate about privacy—and I say that not just from the perspective of my role as a privacy lawyer. There is now a clear recognition around the world that the rights of individuals to privacy need to be balanced – in a sensible way – with the ability of organisations to collect and use information for legitimate business purposes.

I recently had the opportunity to discuss how this applies to safety and security at an Organised Retail Crime Roundtable with police and leading retailers. For retailers, there’s a need to equip teams with the ability to collect the information they need to create safe stores, while also addressing the need to be responsible with the personal information they capture.

Organised Retail Criminal activity isn’t isolated to individual retailers. This means that retailers need to collaborate to effectively mitigate a common threat. Many retailers have been collaborating informally for years but are often uncertain around the extent to which they can share information about offenders, either within their own company or with other retailers.

For example, if stores collected CCTV images of an offender stealing from one store, could they reasonably retain and share that information with other retailers?

Under privacy laws in Australia, the use and sharing of information is generally permitted if a company has collected the information for that specific purpose. It can be shared with police bodies in order to assist the police to apprehend the criminals.

It can also be used and shared with others if a store has reason to suspect that unlawful activity or misconduct of a serious nature has occurred to that store, and reasonably believes that sharing the information is necessary to take appropriate action in relation to the matter (i.e., to prevent further crimes occurring).

This allows stores of a multi-site retailer to collect and use information about crimes or potential crimes that occur across their organisation. This is because it is reasonable to expect that the same offenders may target other stores within the brand.

It also allows retailers to share information about crimes or potential crimes with other retailers. That’s because the evidence shows that retail criminal activity is often organised and likely to be repeated. By sharing this sort of information with other retailers, that increases the likelihood of deterring repeat offences but also that the perpetrators may be apprehended. That in turn will reduce the likelihood of repeat crimes occurring in their own stores.

Of course, this sort of information needs to be handled very carefully. That means it should only be shared to the extent reasonably necessary, only with relevant recipients, and only through secure and well-governed means.

As long as retailers are careful about these steps, it is possible for you to collaborate to reduce and prevent crime at the same time as complying with an individual’s expectation of privacy.

 

Note:  While written in an Australian context, the general principles of privacy law are consistent across jurisdictions. For more information about Auror’s privacy practices, check out our privacy policy.