|
|
|
|
|
|
|
 |
25 |
 |
|
|
Information Privacy and Security
Many countries where we do business
have privacy or data protection laws
requiring the responsible management
of their citizens' personally identifiable
information - information that can be
used to identify, locate or contact an
individual. These laws, and Schering-
Plough policies, require that the
Company and its representatives
respect the privacy of personally
identifiable information, and use
reasonable and appropriate security
safeguards to protect such information
from unauthorized access, use or
disclosure. This may include, for
example, personally identifiable
information collected from our
colleagues, clinical trial subjects and
site personnel, and personal information
collected through our sales and
marketing initiatives.
This means:
- Respecting the privacy of personally
identifiable information, and using
appropriate security safeguards to
protect such information against loss,
misuse and unauthorized access,
disclosure, alteration or destruction.
- Collecting and protecting all
personally identifiable information in
compliance with Company policy or
local law, whichever sets the highest
standard.
- Reporting any data security breaches
immediately to the Global Services
Help Desk, your local Data Privacy
Steward or the Office of Global
Privacy.
|
|
|
|
|
Information Privacy and
Security
Q. In my job, I sometimes
transfer personal information about colleagues to a vendor for
processing. How do I make sure I'm doing everything I can to protect the information?
A. You need to make sure that the
only personal information being sent to the vendor is that which is
needed for the specific business purpose. You should also verify
that the vendor uses appropriate levels of security to protect the
information and that there are privacy and security agreements
in place. You may also want to consider encrypting the
information before you transfer it. If you have any questions about
any of these measures, please contact your local Data Privacy
Steward, the Office of Global Privacy or the Office of Global
Information Technology Security.
Q. I am a sales representative.
During a sales call, a physician revealed confidential information
about a patient. Can I include that information in my call notes?
A. No. You should never include personal health
information or other sensitive personal information about...
(Continued on next page)
|
|
