Better Health for All

The company's data storage solutions provide substantial health benefits by supporting Electronic Health Records, medical imaging, AI-driven research, and enabling the development of life-saving drugs.

Its products are crucial components in Internet of Medical Things devices, improving diabetes management through automated insulin pumps and continuous glucose monitoring. The company's global recordable and lost time injury and illness incident rates (LTIR: 0.10%, TRIR: 0.14% in FY2024) are consistently lower than North American Industry Classification System (NAICS) industry averages, and all twelve manufacturing sites are ISO 45001:2018 certified. The company emphasizes protecting patient information and complying with regulations like HIPAA, offering hardware-level encryption and Self-Encrypting Drive technology. While the company offers health-related benefits to employees, such as 100% covered preventative care at its on-site wellness center, and contributes $750 annually to Health Savings Accounts, there is no evidence regarding the pricing of its core products relative to health accessibility.

Fair Pay & Worker Respect

The CEO to median employee pay ratio was 1,649:1 in FY2024.

The employee Total Recordable Incident Rate (TRIR) was 0.14% in FY2024. In FY2024, women were paid 99.2 cents for every dollar earned by men globally. Voluntary employee turnover was 8.9% in FY2024. The company settled a $7.75 million lawsuit in 2021 for claims of paying women less than men. SanDisk Corporation had a wage and hour violation with a penalty of $19,813 in 2012. Western Digital, the parent company, had an employment discrimination penalty of $7,750,000 in 2021 and a wage and hour violation penalty of $2,075,000 in 2011.

Fair Trade & Ethical Sourcing

SanDisk's finished goods factories and 90% of its tier-1 suppliers (strategic partners and single-sourced suppliers) are audited biennially by the Responsible Business Alliance (RBA) through third-party auditors.

The company has reported zero findings of child labor in the past five years.

Honest & Fair Business

Sandisk has a formal whistleblower protection policy as part of its Global Code of Conduct (GCOC).

This policy includes a dedicated Ethics Helpline managed by Navex Global, available 24/7 via web and phone in multiple languages, allowing for anonymous reporting, and explicitly prohibiting retaliation against whistleblowers. Mandatory annual training on the GCOC is conducted in English and local languages, with a certification requirement. The company also maintains a comprehensive anti-corruption policy that prohibits bribery and corruption, adhering to global laws such as the FCPA and UK Bribery Act. Regular risk assessments, including enterprise-wide and subject-specific assessments for anti-corruption, are conducted, and senior management and key employees complete an annual disclosure certification.

No War, No Weapons

Western Digital, which includes SanDisk, continued supporting companies that facilitated Chinese police and censorship systems until sanctions and U.S. government pressure forced a course correction.

The company's Global Human Rights Policy aligns with international human rights standards, and it conducts human rights impact assessments consistent with the UN Guiding Principles on Business and Human Rights, but implementation is uneven across divisions. Human rights due diligence and impact assessments are conducted at regular intervals and whenever appropriate, and ongoing communication and engagement with global production parts suppliers ensure sustained due diligence in mineral sourcing. The company strongly disapproves of violence, unsafe working conditions, and child labor in conflict-affected areas, but meets only basic humanitarian procurement guidelines. Suppliers must ensure 3TG minerals do not finance armed groups or contribute to human rights abuses, but this only covers nuclear and chemical systems. In 2024, 98% of in-scope suppliers successfully reported sourcing from conformant smelters for conflict minerals. Annual partner reviews identify low-risk partners, with remediation ongoing.

Planet-Friendly Business

The company reported total Scope 1, 2, and 3 emissions of approximately 7.74 million tCO₂e for FY2024. Its Science Based Targets initiative (SBTi) targets, approved in September 2021,

include a 42% reduction in Scope 1 and 2 emissions by 2030 from a 2020 base year, and a 50% reduction in Scope 3 use-phase emissions intensity by 2030 from a FY2020 base year. The company achieved 44% renewable energy-powered electricity consumption in FY2024 and aims for 100% by 2030. Water withdrawals were reduced by 23% in FY2024 compared to a 2022 baseline, with 22.2% of total water withdrawal from high or extremely high baseline water stress regions. The waste diversion rate was 73.7% in FY2024, with a target to divert over 95% by 2030. The company has completed nine product Life Cycle Assessments (LCAs). Recycled content in HDD products is maintained at 36%-40%, and enterprise packaging increased to 64% recycled content by weight. Zero fines were incurred for product environmental non-compliance in FY2024. The net-zero target for Scope 1 and 2 emissions is 2032. The company is a TCFD member and has developed three climate-related risk and opportunity scenarios for 2030. 38% of suppliers have set Science-Based Targets. Biodiversity efforts include employee volunteer events for turtle nesting grounds, tree planting, and pollinator protection. Packaging recycled content increased from 45% to 64% by weight for enterprise packaging.

Respect for Cultures & Communities

The company has two formal partnerships with local community groups: Orange County United Way and Silicon Valley Community Foundation.

The company conducts human rights impact assessments (HRIAs) consistent with the UN Guiding Principles on Business and Human Rights, but the consistency of implementation across operations is not specified. A global ethics helpline is available 24 hours a day, managed by an independent third party, and is available in all major languages spoken by employees and suppliers’ workers. The global ethics helpline is available in all major languages spoken by employees, indicating limited local language incorporation beyond major languages. The company promptly investigates and corrects any confirmed problems, which suggests reactive responses to cultural incidents. The company supports research in digital cultural preservation at UC San Diego, which is a form of reinvestment, but the percentage of reinvested funds is not specified. The company supports research in digital cultural preservation at UC San Diego, but the percentage of revenue donated to cultural heritage organizations is not specified.

Safe & Smart Tech

SanDisk SecureAccess 3.02 used a one-way cryptographic hash with a predictable salt and insufficient computational effort, making it vulnerable to dictionary attacks.

SanDisk PrivateAccess Version 6.3.5 now uses PBKDF2-SHA256 with a randomly generated salt. Additionally, SanDisk SecureAccess software was found to leave temporary, unencrypted copies of files on disk if the application crashed or a file was locked during closure. Western Digital experienced a network security incident on March 26, 2023, where an unauthorized third party gained access to multiple systems and obtained a copy of a database containing customer information, including names, addresses, email, phone, encrypted hashed/salted passwords, and partial credit card numbers. Western Digital's vulnerability disclosure policy aims to complete remediation and release a fix within 90 days of initial acknowledgement. SanDisk's vulnerability disclosure policy also aims for remediation and fix release within 90 days of initial acknowledgement. Neither Western Digital nor SanDisk currently offer or participate in bug bounty programs. Western Digital states, "We consider privacy at every step of all business processes that involve Personal Information." The company also instructs employees to "Only access what you need" when handling Personal Information. Western Digital has been recognized as one of the World’s Most Ethical Companies by Ethisphere for the fourth year in a row as of March 15, 2022. However, the company experienced a network security incident in March 2023 that involved unauthorized access and data theft, impacting systems used by SanDisk products.