MSD Korea allegedly breached the Personal Information Protection Act by collecting doctors’ information without their consent, the company’s labor union said.

The suspicion emerged after the company came under fire for recording private conversations of doctors through its Self-Assurance Program (SAP) last year.

MSD Korea’s trade union submitted an official complaint to the management recently, listing examples of privacy breach in the operation of SAP and MSDonline, the company’s healthcare information website for physicians.

The labor union said that it received legal advice to assert the management’s violation of the Personal Information Protection Act and that the management was working with a legal counseling firm to review the labor union’s allegations.

Among several suspicions raised by the labor, the SAP operation has created the fiercest conflict between management and labor.

The SAP is a program to place an external monitoring agent randomly in 5 percent of small meetings of two to 25 persons for product briefings for doctors to record the meetings' content.

Last year, Korea Biomedical Review’s exclusive report on the monitoring agents’ recording of physicians’ private conversations made doctors furious. Under mounting criticism, MSD Korea promised to improve the monitoring process and to have monitoring agents use “objective indicators as much as possible” when writing reports.

However, MSD Korea broadened the SAP application scope from meetings of five to 25 people to those of two to 25. Moreover, the company notified the drug sales representatives and doctors only 45 minutes before the meeting that the monitoring agent would record the product briefing conversations.

In response to the enhanced SAP, the labor union rapped the management’s “unilateral and sudden notification” and excessive monitoring level. However, the management kept insisting that the SAP was “the company’s continuous effort to maintain transparency and compliance.”

The labor union claimed that external monitoring agents, dispatched for the enhanced SAP compliance, might be engaged in illegal acts.

The trade union said the company internally asked drug sales reps to save the guestbook of doctors who attended product briefings. The guestbook contains information, including names, organizations, and signatures. MSD Korea forced employees to upload the information on a company's website and attach the guestbook when reporting company expenses, the labor union said.

According to the labor, the company collected the guestbook of doctors without asking them whether they agreed on the collection of their signatures.

Under the SAP, the external monitoring agent shot a picture of the guestbook and reported it to MSD Korea, which could be illegal, the labor group said.

The labor union inquired with the state-run Korea Internet & Security Agency (KISA) to see if the external monitoring agent’s act was legal.

If taking pictures of personal information in the guestbook is cited in the consignment contract, the act is not a violation of the law, the labor union said, quoting an official at the KISA.

However, the consignment company must notify the client of the collection activity in a publicly available written form. If there is no such notice, it is a violation of the law.

MSD Korea made it mandatory for doctors to agree on the marketing and public relations items when signing up for MSDonline, its healthcare information website. This was in breach of the Personal Information Protection Act's Article 1, 2, and 3, the labor union claimed.

Personal information of physicians who joined MSDonline has been transferred and came under management by an overseas company. Still, the company did not notice this when doctors signed up for the website, according to the labor. This was a violation of the Personal Information Protection Act’s Article 39, Paragraph 12-2, the union said.

Copyright © KBR Unauthorized reproduction, redistribution prohibited