Risk-area specific programs

In addition to the corporate compliance and ethics programs that address general enterprise-wide topics, other programs are designed to mitigate more specific risks. Two examples include Privacy and Anti-Corruption.

Privacy program

Patient, customer and employee privacy, security and confidentiality are critical at McKesson, and we are committed to maintaining the privacy and security of personal information. McKesson has adopted specific policies, procedures and privacy principles that guide how we collect, store, access and use personal information throughout the company.

We provide clear and timely notice about our privacy practices. This includes how we collect, use, retain, protect and disclose personal information. Our Privacy Notice is available on our website.

McKesson has established a Global Privacy Office responsible for the support and coordination of key privacy initiatives across the enterprise involving the collection, use and disclosure of personal information, including cross-border data transfers. This includes developing the enterprise privacy program strategy, developing and maintaining enterprise policies and training, along with developing enterprise tools, processes and controls for the promotion of organizational consistency and efficiency. We also take steps to help ensure that our business partners protect personal information before we share it with them.

Anti-corruption program

We succeed based on the quality of our products, services, and people. Corruption or bribery of any sort is counter to the way we do business and is strictly prohibited. Our policies prohibit promising, offering, or giving “anything of value” with the intent to improperly influence the conduct of a government official, an employee or representative of our commercial business partners, a medical professional, and others. Our policies also do not allow the receipt of anything of value that could be perceived to improperly influence our conduct.

We expect our business partners and third parties acting on our behalf to comply with all applicable anti-bribery and anti-corruption laws and standards. This includes third parties who might interact with a customer or government official on our behalf.

Training and communication

McKesson has implemented a focused compliance training and communications plan to educate employees, business partners and our Board on business risks and policies relevant to their roles. For example, McKesson delivers training on its Code of Conduct to the Board on an annual basis.

Our approach combines various training methods reinforced through supporting communication resources available via our corporate intranet and through leadership messaging and communications. These training and communication resources are

FY21 Impact Report

McKesson ESG Report - Page 60