Data privacy is an increasingly important issue in the healthcare industry. All individuals – including patients, employees, consumers or investors – expect protection of their personal data, which can comprise name, work and home address, family information, employment or financial details, or more sensitive health information.
Novartis Group companies adhere to all privacy laws and regulations around the world that apply to areas of our business. We fully support the protection of confidential medical information, including genetic information. We strongly condemn the disclosure of any information that could lead to any form of discrimination, as well as the use of identifiable genetic data without the individual's informed consent and authorization.
Our policy on the protection of personal information serves as the framework of our data privacy program. Our program includes a global organization and infrastructure as well as procedures and trainings to support local activities and ensure compliance. This data privacy framework has now been formalized through the Novartis Binding Corporate Rules (BCR). The BCR are a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection, in particular relating to transfers of personal information outside the EEA and Switzerland.