CSL views data protection and privacy as a key component of corporate sustainability. CSL collects and holds personal information about our employees and key stakeholders, such as plasma donors, healthcare professionals and patients. Unauthorised access or use of this information presents a risk to our operations, and CSL’s place as a leader in the biotherapies marketplace.
Cybersecurity remains an important focus of CSL’s senior leadership group and CSL’s Audit and Risk Management Committee of the Board. CSL regularly assesses information security risk as we continue rapid growth globally. At the same time, we continue to make strategic investments in cybersecurity and cybersecurity risk management in the areas of identity and access management, network security, application and data security. We have also taken substantive efforts to protect our patients’, donors’ and employees’ personal information through the broader use of data handling process improvement and encryption.
Security awareness is a top-priority and each year we provide mandatory security awareness training for all employees and contingent workers. This training includes an updated version of our Cybersecurity and Risk Handbook. This detailed guide provides employees with a deeper understanding of the external threats and practical guidance for data, email, mobile, network and physical security to prevent cyber-breach.
In addition, we comply with relevant privacy and health regulations in all jurisdictions in which we operate and are committed to safeguarding the privacy of personal information that we gather. Dedicated personnel operating across major jurisdictions oversee the governance and identification of privacy-related matters as relevant to their operations and local laws, such as China’s Cybersecurity Law (effective as of 1 June 2017) and the new European General Data Protection Regulation (effective as of 25 May 2018).