Data Protection and Privacy

Cybersecurity remains an important focus of CSL’s senior leadership group and CSL’s Audit and Risk Management Committee of the Board. CSL regularly assesses information security risk as we continue rapid growth globally. At the same time, we continue to make strategic investments in cybersecurity and cybersecurity risk management in the areas of identity and access management, network security, application, and data security. We have also taken substantive efforts to protect our patients’, donors’ and employees’ personal information through the broader use of data handling process improvement and encryption.

Security awareness is a top priority, and each year we mandate information security awareness training for all employees and contingent workers, including review of CSL’s Information Security Handbook. This detailed guide provides employees with an overview of the external cybersecurity threats that CSL faces and practical guidance for data, email, mobile, network and physical security to prevent a cybersecurity breach.

In addition, we comply with relevant privacy and health regulations in all jurisdictions in which we operate and are committed to safeguarding the privacy of personal information that we process. Dedicated personnel operating across major jurisdictions provide oversight and governance of privacy risk, empowering operational compliance of data privacy laws, such as China’s Personal Information Protection Law (effective as of November 2021) and the European General Data Protection Regulation (effective as of 25 May 2018), through a robust data privacy framework and appropriate controls.