Data and privacy protection

Data Privacy is an increasingly important legal compliance issue in the pharmaceutical industry, in particular in the areas of Human Resources, Development, Marketing & Sales, Public Affairs as well as IT outsourcing activities. All individuals, including patients, employees, consumers or investors, expect – and can require – protection of their personal data. Personal information, meaning information relating to an identified or identifiable person, can include the health, employment or financial details that individuals share with the companies with which they choose to do business.

Novartis adheres to the many privacy laws and regulations around the world which apply to areas of its business that collect and otherwise process personal data. We fully support the protection of confidential medical information, including genetic information. We condemn the disclosure of individually identifiable genetic data without the individual's informed consent and explicit authorization, or any use or disclosure of such information which could lead to discrimination.

The Novartis Data Privacy Program aims primarily at closing the control gaps relating to personal information and to make data privacy an integral part of business processes. This ensures business continuity and increases the trust of patients, employees, customers and authorities, thus fostering our corporate reputation. Our approach sets a clear accountability at country level for local compliance with data privacy laws and internal regulations as well as for implementing the privacy program.

Our Policy on the Protection of Personal Information, approved by the Executive Committee of Novartis and the Board of Directors and effective since January 2008, serves as the framework of our Data Privacy Program. Further, our program includes a global organization and infrastructure as well as procedures and trainings to support local activities and ensure compliance with cross- functional and border projects.

Particular challenges include ensuring appropriate security, keeping up with new laws and requirements and evaluating how to handle conflicts between privacy laws and other legal requirements, such as drug safety adverse event reporting laws. We also engage in outreach efforts with regulators and stakeholders to assist them in understanding why we need certain types of data and how consumers benefit from our programs.

In 2006, Novartis Pharmaceuticals Corporation in the US became certified to the Safe Harbor Program, which enables transfer of personal data between the EU and the US, based on a commitment to adhering to certain privacy standards. The Novartis Institute for Functional Genomics, Novartis Corporation, Novartis Consumer Health, Ciba Vision Corporation and Novartis Vaccines & Diagnostics have since been Safe Harbor certified. Sandoz, Animal Health and the Novartis Institutes for Biomedical Research (NIBR) are expected to be Safe Harbor certified in 2009.

 

Back to top