PFIZER DIAGNOSED INEPT WITH PERSONAL DATA

Starting in June of 2007, we learned from Pharmalot, a blog covering the pharmaceutical industry, that in the first incident 17,000 current and former employee names and Social Security numbers were exposed online by an employee’s spouse, some of which were accessed and copied. Then, in August, Pfizer reports the loss of two laptops containing the names, addresses, social security numbers and cell phone numbers of 950 health-care professionals considering possible contract services with Pfizer. And yet still in August, it was announced that another 34,000 employees’ names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card info, signatures and other personal data had possibly been breached. In a recent Pharmalot post, apparently the Pfizer employees are up in arms against their employer for the lousy handling of their personal data, and also the way in which the company has reacted to the whole situation. Pfizer World, the drugmaker’s Internet system, spouts a series of protestations from employees unhappy with having their private information revealed, and then waiting weeks to learn of the breaches. Ed Silverman, founder of Pharmalot, was the first to expose these episodes, which is a dash of hope in an industry that holds an enormous amount of sensitive data on the American public. Next time it could be yours, or my private records of what medications we are taking, indicating any ailments we have been diagnosed with, no matter how personal a nature it may be. Business must be held accountable for the personal data it collects, and sometime sells, on the American public. Especially companies like Pfizer where the data is a by-product, and they may not be fully aware of its value, or potential for disaster if lost. In my 35 years as a data broker, the junk mail industry methodically and unceremoniously gathered every piece of information available on American consumers, and is selling it now to the tune of $4 billion annually. It is time that we place this sensitive data under the control of the name-holder before more commercial enterprise decides to get in the business of collecting and selling our names and private information.