The biggest takeaway from a $3 million investigation into whether a NSW wholesale retailer breached the consumer protection act is that it appears the company knew about the breaches but didn’t take any action.
Key points:A federal inquiry found that the NSW wholesale gaming company knew it was breaking the consumer protections actBut it also found the retailer “did not have the capacity to prevent” the breaches”In the case of the $3.4 million fine, the investigation found the retail giant knew it had breached the act, but did not act to prevent themThe investigation was triggered after the NSW Attorney-General’s Department was alerted to the breach in May this year, and in March this year a NSW Court of Appeal panel found that in the course of its investigation, the NSW consumer protection agency failed to act to stop the breaches.
The court ruled that while the retailer knew the breaches had been identified, it did not have sufficient capacity to stop them.
The NSW consumer watchdog agency is still awaiting a final ruling on its appeal against the fine.
But it is clear that the retailer didn’t have the capability to prevent the breaches that led to the $1.6 million fine.
The investigation, conducted by the Federal Court of Australia, found that from May 2016 to March 2017, NSW retailers in NSW were required to have information on customers and their payments, as well as on customers’ bank accounts and credit card details, on file with the NSW Consumer Protection Agency.
In its report, the consumer watchdog concluded that “the retailer did not adequately and promptly report” the breach to the agency.”
The retailer’s failure to ensure that this information and the payment information had been made available to the NSW agency when it was made aware of the breach is a significant failure of the retailer,” the consumer agency concluded.
It was only after the inquiry had finished that the Victorian Attorney-Defence Service received the information and contacted the retailer to ask for information about the breach, but was told “there was nothing to report”.
The report also found that while retailers are required to report breaches to the consumer law agency, it’s not always possible to do so, and it’s only after there’s been a complaint that it becomes possible for the agency to act.
The inquiry heard the retailer initially “admitted to being aware of a breach of the consumer rights act, and provided the information it had to the [NSW consumer law] regulator” but then “did little to prevent or respond to the breaches”.”
The investigation identified that the company had the capacity and resources to prevent these breaches,” the report said.”
However, it was unable to act on the breaches it knew about.
“The inquiry found the company failed to have a written policy that covered the breaches and to have procedures in place to prevent breaches from occurring, and the investigation also found “that it did nothing to protect the customer”.”
It failed to take adequate steps to ensure its compliance with the consumer information protection act and the consumer credit protection act,” the investigation concluded.
The Victorian Attorney General’s Department has defended the fine against the inquiry’s findings, saying it’s a “truly remarkable case” and it will appeal the case.