Skip to content
Responsible Business Practices
Ethics & Values

Information Security & Data Privacy

African American Father Hugging Daughter

Johnson & Johnson is strongly committed to protecting the privacy of those who entrust us with their personal information. In addition to our Code of Business Conduct and all the laws that apply to our operating companies’ handling of personal information, we also maintain global privacy policies to which all our businesses worldwide must adhere. Our policies reflect our commitment to fair and transparent information practices. Similarly, through our Information Security and Risk Management organization, we safeguard the Company’s networks, systems, products and information against evolving cyber threats to prevent unintended or unauthorized access to both business and personal information.

In 2020, we increased efforts to ensure compliance with the growing number of new privacy and cybersecurity laws around the globe which all have security or data protection requirements, including the California Consumer Privacy Act, the Brazilian LGPD (Lei Geral de Proteção de Dados Pessoais) compliance law, as well as other new regulations in China, South Korea and Thailand. Generally, these regulations require new processes and systems to help ensure consumers and patients have greater knowledge of their privacy rights, and the ability to exercise such rights with respect to access, correction of, and deletion of their data. We are updating websites controlled by Johnson & Johnson and establishing new or enhanced processes to support consumer, patient and other data subject requests to address these requirements. Furthermore, to enhance our cybersecurity capabilities, we deployed a new Medical Device Product Cybersecurity Quality Standard, increasing confidence that cybersecurity controls are in place to ensure the availability of the devices and the confidentiality and integrity of their associated data. We also expanded our cybersecurity controls to address the expanding and evolving global cybersecurity threats.

Externally, we partnered with industry groups in different regions—both to help ensure new privacy regulations are effective in addressing the needs of patients, consumers and businesses in managing the use of personal information, and to share cybersecurity threat intelligence and best practices. These partnerships are critical for research, innovation, and building patient and consumer engagement, particularly in emerging areas of health technology.

Also, as part of our global COVID-19 response, we worked intensively across the Enterprise to assist in the rapid transitioning to virtual business models and remote working in ways that protect Company information and respect the privacy rights of individuals, including privacy support and guidance for on-site COVID-19 testing and our vaccine development. Additionally, we launched a separate cybersecurity program dedicated to the security of Janssen vaccine development, manufacturing and distribution.

See also our Positions on Information Security and Data Privacy.

Back to Corporate Governance Up next Human Rights
Back to Top
You are leaving and entering a third-party site. This link is provided for your convenience, and Johnson & Johnson disclaims liability for content created or maintained by third parties.
Yes, let's go