Data Protection and Privacy

CSL views data protection and privacy as a key component of corporate sustainability. CSL collects and holds personal information about our employees and key stakeholders, such as plasma donors, healthcare professionals and patients. Unauthorised access to or use of this information presents a risk to our operations and to CSL’s place as a leader in the biotherapies marketplace.

Cybersecurity remains an important focus of CSL’s senior leadership group and CSL’s Audit and Risk Management Committee of the Board. CSL regularly assesses information security risk as we continue rapid growth globally. At the same time, we continue to make strategic investments in cybersecurity and cybersecurity risk management in the areas of identity and access management, network security, and application and data security. We have also made substantive efforts to protect our patients’, donors’ and employees’ personal information through the broader use of data handling process improvements and encryption.

Security awareness is a top priority, and each year we mandate information security awareness training for all employees and contingent workers, including review of CSL’s Information Security Handbook. This detailed guide provides employees with an overview of the external cybersecurity threats that CSL faces and practical guidance for data, email, mobile, network and physical security to prevent a cybersecurity breach.

In addition, we comply with relevant privacy and health regulations in all jurisdictions in which we operate and are committed to safeguarding the privacy of personal information that we process. Dedicated personnel operating across major jurisdictions provide oversight and governance of privacy risk, enabling operational compliance with data privacy laws, such as China’s Personal Information Protection Law (effective as of November 2021) and the European General Data Protection Regulation (effective as of 25 May 2018), through a robust data privacy framework and appropriate controls.