Skip to main content

Information security  & data privacy

  • GRI
  • 418-1

    Substantiated complaints concerning breaches of customer privacy and losses of customer data

We believe in maintaining a proactive information security strategy to protect information assets against threats to our business. Similarly, J&J is committed to data privacy and ensuring that protecting personal information is integral to our core way of operating. In addition to our Code of Business Conduct and compliance with the laws that apply to our operating companies’ handling of personal information, we maintain robust data privacy controls to protect the personal information of our employees, customers, partners and all those who entrust their information to us.

We improved the robustness of our information security and privacy programs in 2023 in the following ways:

  • Expanded cyber capabilities: To enhance protection of company assets, we deployed a new solution for modernizing the security for access to company applications and systems. This new solution securely connects users to applications and was deployed to more than 60% of users in 2023. Deployments to remaining users are targeted for early 2024. Additionally, we initiated the deployment of data protection measures to increase the security of sensitive company data against threats of unauthorized removal, including employee, customer, patient, and partner data. The measures were deployed to the majority of the global user base in 2023 and will be deployed to remaining users in early 2024.
  • Enhanced protection against cyber risk at multiple supply chain sites: We completed a targeted effort to enhance the security at multiple critical supply chain sites, helping establish an effective baseline level of security controls. These efforts reduced the risk to operations at the sites and increased our ability to provide products to patients and customers.