In 2010, Merck established a new, comprehensive privacy program.

The new program is based on a strong foundation of privacy and data protection practices and standards from both Merck and Schering-Plough, and carries on our tradition of upholding high ethical values and standards. Our program is based on four key privacy values and five core elements.

Our comprehensive privacy program is structured around a system of five core elements that we use to ensure that the broad range of privacy activities we undertake are aligned with our corporate commitment to an effective privacy and data protection program that supports our privacy values.

Awareness

  • Promote and maintain a corporate culture that respects privacy and protects information about people
  • Communicate timely information about updates to privacy laws, regulations, rules, guidelines and policy issues

Policies & Standards

  • Implement privacy and data protection policies and standards that set forth operational principles and procedures, governance, accountability, incident handling and individual redress

Training

  • Implement a privacy training curriculum designed to support core elements of "Awareness" and "Policies & Standards," and to provide functional knowledge aligned to roles and responsibilities

Accountability

  • Prospectively build and document appropriate privacy and data protection requirements into Merck processes and systems that will be maintained throughout process and system life cycles
  • Periodically verify privacy and data protection compliance through audits, assessments and investigations
  • Report to government authorities as required by law
  • Management acknowledgement and responsibility for ensuring that requirements are addressed

Metrics

  • Define baseline and target metrics to determine the effectiveness, maturity and risks associated with the privacy program
  • Collect and analyze data for each metric and evaluate program effectiveness, maturity and risks, and areas for enhancement, improvement and risk mitigation

Consistent with our privacy values, we continue to believe that trust is core to our privacy mission. We define privacy TRUST to support each of the operational privacy and data protection principles to which we adhere:

T - Transparency: being clear about how personal information is collected, used and disclosed (Supports our privacy principle of Notice)

R - Respecting Choices: such as whether or not people want to participate in our programs (Supports our privacy principle of Choice)

U - Understanding Perspectives: including that people have different levels of concerns about their privacy based on cultural perspectives and personal experiences (Supports our privacy principle of Necessity)

S - Security: protecting personal information from loss, misuse, unauthorized access, disclosure, alteration or destruction (Supports our privacy principles of Data Integrity, Security and Data Transfer)

T - Treating our stakeholders in a manner consistent with the company's values (Supports our privacy principles of Access, Correction, Enforcement and Dispute Resolution)

Global Cross-Border Data Flows

As a U.S.-based corporation, we have relied on the Safe Harbor Framework for transfers of personal data from the European Economic Area ("EEA") to the United States (the "Safe Harbor") as a primary mechanism for facilitating cross-border data flow originating from European countries. We also have utilized the Safe Harbor principles to support the development of our comprehensive privacy program, including incorporation of Safe Harbor standards for movement of personal data to and from other countries.

Merck first certified its adherence to the Safe Harbor in November 2001, and was one of the first pharmaceutical companies to do so. U.S. organizations that certify to the Safe Harbor are recognized as providing adequate protection for personal data transferred from the EEA. Our Safe Harbor certification applies to transfers of personal information about a broad range of stakeholders from the EEA, including employees, patients, clinical investigators, healthcare professionals and others. We have reaffirmed our adherence to the Safe Harbor annually since 2001.

In 2007, we expanded our Safe Harbor Privacy Policy to govern transfers from Switzerland to our operations in the United States. In 2009, we also certified our adherence to the U.S.-Swiss Safe Harbor Framework. In 2010, we harmonized our global privacy compliance verification and risk assessment processes, and the Merck certifications to the U.S.-E.U. and U.S.-Swiss Safe Harbor Frameworks, with three separate certifications of the Schering Corporation for personal data used for human resources, and commercial and clinical operations, and we reaffirmed our adherence to the Safe Harbor as one combined company.

Privacy Concerns

In 2010, we implemented a new, harmonized procedure and coordinated process for escalation, investigation and response to concerns regarding the company's privacy practices, including concerns about potential unauthorized access to personal information raised by customers, employees and other stakeholders. We treated any violation of the standards of the operating privacy principles, set forth in our privacy policies, or applicable laws, as well as any breach requiring Merck or third parties to notify individuals or government authorities, as a substantiated privacy concern. Corrective and/or preventative remediation guidance was provided for all substantiated concerns.

Advocacy

Merck is a member of the International Pharmaceutical Privacy Consortium (IPPC), an association of research-based pharmaceutical companies formed in 2002 that supports worldwide responsibility for the protection of personal health information and other types of personal data. Merck also participates in other privacy organizations, such as the Centre for Information Policy Leadership (CIPL), that encourage responsible information governance. Merck has been actively involved in IPPC and CIPL efforts to engage in constructive discussions with data protection authorities and other privacy regulators on privacy accountability and privacy standards for health care innovation, including biomedical research.

Transparency & Privacy

We continue to build upon our approach to transparency in how we collect, use and disclose personal information about our stakeholders. In 2007, we published our first comprehensive Privacy Notice for U.S. Patients, Consumers and Caregivers in a new standard format based in part on the U.S. interagency model privacy notice format first proposed in 2007.[1]

This standard format uses a tabular approach to categorize the information provided in the notice, generally consisting of descriptions of why personal information is used and disclosed, what personal information is used and disclosed, how we protect personal information and how to exercise privacy choices. We believe that this new standard notice format is easier for stakeholders to understand and will enable them to make informed choices about how Merck collects, uses and discloses personal information about them.

In April 2009, we published a Global Data Practices Commitment to Health Care Professionals that follows this standard format. In July 2009, we also published in 20 languages a standard Global Privacy Notice for Employment-Related Purposes. As part of our commitment to privacy in the new Merck, we made these standardized Global Privacy Notices for Employment-Related Purposes available to employees globally, following completion of the merger of Merck and Schering-Plough. We also developed local versions of these notices for certain countries. For more information, please visit our website.

In 2009, we updated our Internet Privacy Policy to include explanations of new ways in which we planned to collect personal information online using social media and mobile computing, the transparency standards we apply to these types of online technologies, and additional disclosures regarding collection of information from personal computers and other electronic devices.

[1] The proposed Model Privacy Notice was included in the Interagency Proposal for Model Privacy Form under the Gramm-Leach-Bliley Act, 72 FR 14940 (March 29, 2007).