Case Summary
A general practitioner complained about a Univadis mailing from Merck Sharp & Dohme. Univadis was a free on-line service from Merck Sharp & Dohme which provided medical information, news and general information to health professionals.
The complainant noted that the mailing gave his name, user name and password but as it was not labelled private and confidential it had been opened by his surgery staff. The complainant did not consider this appropriate or ethical.
The complainant further noted that he had twice asked Univadis to deregister him and not send him any further information. At least once deregistration had been confirmed so the complainant was upset to receive the mailing which showed yet again that he had not been fully deregistered in spite of asking to be. The complainant understood that this also broke data protection regulations.
The Panel noted that Univadis was an internet information service from Merck Sharp & Dohme and a mechanism through which it sent promotional material. It further noted from Merck Sharp & Dohme that in January 2006 the complainant was removed from the promotional mailing list.
This did not delete his Univadis account altogether which remained active. It appeared that this led to the personally addressed mailing at issue, sent in May.
The Panel considered that it was most unfortunate that following the complainant’s request in January to unsubscribe so that no further emails were sent, Merck Sharp & Dohme did not check with him that he was still happy to receive non-promotional emails and mail. Subscribers could unsubscribe from promotional emails as well as every email or overland mail sent. It was reasonable to assume from the complainant’s email to Univadis in January that he did not want any mailings from Univadis.
The Panel further noted that the complainant’s confidential data had been posted to him in an envelope which had not been suitably marked such as to prevent others opening it. The terms of use agreement referred to ‘Registration and privacy’ and stated ‘We take your privacy very seriously. Signing up to the Univadis service guarantees the safety of your data’.
The Panel noted that the complainant’s name had been removed from a promotional mailing list as requested and that his email address had thus not been used for further promotional mailings. The Panel ruled no breach of the Code. However the Panel considered that in its administration of the Univadis service Merck Sharp & Dohme had not maintained high standards. The Panel ruled a breach of the Code.
CASE AUTH/1839/5/06 GENERAL PRACTITIONER v MERCK SHARP & DOHME
Communications from Univadis
A general practitioner complained about a Univadis mailing from Merck Sharp & Dohme. Univadis was a free on-line service from Merck Sharp & Dohme which provided medical information, news and general information to health professionals.
The complainant noted that the mailing gave his name, user name and password but as it was not labelled private and confidential it had been opened by his surgery staff. The complainant did not consider this appropriate or ethical.
The complainant further noted that he had twice asked Univadis to deregister him and not send him any further information. At least once deregistration had been confirmed so the complainant was upset to receive the mailing which showed yet again that he had not been fully deregistered in spite of asking to be. The complainant understood that this also broke data protection regulations.
The Panel noted that Univadis was an internet information service from Merck Sharp & Dohme and a mechanism through which it sent promotional material. It further noted from Merck Sharp & Dohme that in January 2006 the complainant was removed from the promotional mailing list. This did not delete his Univadis account altogether which remained active. It appeared that this led to the personally addressed mailing at issue, sent in May.
The Panel considered that it was most unfortunate that following the complainant’s request in January to unsubscribe so that no further emails were sent, Merck Sharp & Dohme did not check with him that he was still happy to receive non-promotional emails and mail. Subscribers could unsubscribe from promotional emails as well as every email or overland mail sent. It was reasonable to assume from the complainant’s email to Univadis in January that he did not want any mailings from Univadis.
The Panel further noted that the complainant’s confidential data had been posted to him in an envelope which had not been suitably marked such as to prevent others opening it. The terms of use agreement referred to ‘Registration and privacy’ and stated ‘We take your privacy very seriously. Signing up to the Univadis service guarantees the safety of your data’.
The Panel noted that the complainant’s name had been removed from a promotional mailing list as requested and that his email address had thus not been used for further promotional mailings. The Panel ruled no breach of the Code. However the Panel considered that in its administration of the Univadis service Merck Sharp & Dohme had not maintained high standards. The Panel ruled a breach of the Code.
A general practitioner complained about a Univadis mailing from Merck Sharp & Dohme Limited. Univadis was a free on-line service from Merck Sharp & Dohme which provided medical information, news, general information to health professionals and communication from Univadis. The document stated that it was a service from Merck Sharp & Dohme.
COMPLAINT
The complainant stated that he had recently received a mailing in the post which was not labelled private and confidential and gave his name, user name and password. As it was not labelled confidential it had been opened by his surgery staff. The complainant did not consider this appropriate or ethical.
The complainant further noted that he had twice asked Univadis to deregister him and not send him any further information about it. On at least one of these occasions it had been confirmed by Univadis so the complainant was extremely upset to receive the mailing which showed yet again that he had not been fully deregistered in spite of registering this. The complainant understood that this also broke data protection regulations.
When writing to Merck Sharp & Dohme, the Authority asked it to respond in relation to Clauses 9.1, 9.9 and 12.3 of the Code.
RESPONSE
Merck Sharp & Dohme stated that Univadis was a free, medical internet site which provided UK physicians, and other individually approved health professionals, access to a range of unbiased and relevant medical news, non medical news and interactive services.
The complainant had registered on the portal in 2003 and had visited the site infrequently. At the time of registration he opted in to receive relevant information about medical news and related services on the portal. The site clearly stated that promotional updates could take the form of emails or overland mail sent to the addresses he specified.
On 5 January 2006, the complainant emailed the Univadis helpdesk to complain that he had tried to unsubscribe from the Univadis email subscriptions. This was achieved by clicking on a link at the bottom of every email. However, some emails continued to be sent to him and he wished this to stop immediately. Appropriate action was taken on the same day by the helpdesk to remove him from all internally held email lists.
This did not delete his Univadis account but simply ensured he would receive no further promotional emails.
The ‘Terms and Conditions of Use’ for Univadis – which must be read and accepted at sign-up – clearly outlined the policy for contact between Univadis and a member. It specifically stated that even if a new registrant did not give agreement to receive promotional emails (or unsubscribed from them at any time), Univadis still reserved the right to contact them, should the need arise, with information about their account, or major changes to the Univadis service. Merck Sharp & Dohme submitted that this was standard practice for all membership based websites and was clearly essential to be able to service all active accounts, which included the complainant’s.
On 2 May 2006, as part of Merck Sharp & Dohme’s communication plan when launching the new version of the portal in April, all currently registered users were sent a personally addressed, sealed, ‘security’ envelope via overland mail. This envelope could only be opened by tearing off the three perforated edges. Enclosed and printed on the inside of the envelope was the recipient’s username and password.
On 4 May 2006, the complainant telephoned the Univadis helpdesk and complained about receiving an envelope with his username and password enclosed and that it did not have private and confidential on the outside. As a result of this his secretary had opened the envelope and he now considered that he had to change a number of other login details for other sites that he used. The
Univadis helpdesk took immediate and appropriate action to ensure that the complainant’s account was completely deleted on that day.
On 5 May 2006, as requested by the complainant, a letter was sent to his surgery confirming that his account was deleted and that he would not receive any further correspondence from Univadis. The letter also stated that the Univadis team had taken his comments very seriously and all future overland mailings containing personal information would have ‘confidential – addressee only’ written prominently on the front of each envelope.
PANEL RULING
The Panel noted that Univadis was an internet information service from Merck Sharp & Dohme and a mechanism through which it sent promotional material. It further noted from Merck Sharp & Dohme that on 5 January 2006 the complainant was removed from the promotional update mailing list. This did not delete his Univadis account which remained active. It appeared that this led to the personally addressed letter sent to the complainant in May.
The Panel considered that it was most unfortunate that following the complainant’s request in January to unsubscribe so that no further emails were sent, Merck Sharp & Dohme did not check with him that he was still happy to receive other emails and mail. The terms of use agreement stated that subscribers could unsubscribe from promotional emails as well as every email or overland mail sent. The email from the complainant to the Univadis helpdesk, dated 5 January, clearly stated that he did not want emails from Univadis. In the Panel’s view, given the tone of that email and the use of block capitals, it was reasonable to assume that the complainant was referring to all mailings, not just promotional ones.
The Panel further noted that the complainant’s confidential data had been posted to him in an envelope which had not been suitably marked such as to prevent others opening it. The terms of use agreement referred to ‘Registration and privacy’ and stated ‘We take your privacy very seriously. Signing up to the Univadis service guarantees the safety of your data’.
The Panel noted that the complainant’s name had been removed from a promotional mailing list as requested and that his email address had thus not been used for further promotional mailings. The Panel ruled no breach of Clauses 12.3 and 9.9 respectively. However the Panel considered that in its administration of the Univadis service Merck Sharp & Dohme had not maintained high standards. The Panel ruled a breach of Clause 9.1 of the Code.
Complaint received 11 May 2006
Case completed 4 July 2006
