States, Eli Lilly settle privacy case

By Linda Rosencrance

July 25, 2002 12:00 PM ET

Recommended

(3)

Digg

Twitter

Share/Email

Computerworld - Eight states have settled a complaint against pharmaceutical company Eli Lilly and Co., stemming from the release of e-mail addresses of nearly 700 subscribers to its prozac.com e-mail alert, New York Attorney General Eliot Spitzer said today.
The release of the e-mail addresses occurred June 27, 2001, when an employee created a computer program to access subscribers' e-mail addresses and then sent the customers an e-mail announcing the termination of the service (see story). However, the addresses of 669 customers were included in the "To" field of the message header and were visible to every subscriber.
At the time, Eli Lilly called the incident an isolated event.
"The agreement will protect U.S. consumers from exposure of their sensitive and personal data collected by the company," Spitzer said in a statement.
The settlement requires Lilly to strengthen its internal standards relating to privacy protection, training and monitoring.
Lilly has agreed to institute automated checks for any of its software that accesses databases containing consumer information, Spitzer said. Lilly will also pay a fine of $160,000 to be divided among the eight states -- New York, Massachusetts, Connecticut, Idaho, Iowa, New Jersey, Vermont and California.
In January, Lilly reached a similar agreement with the U.S. Federal Trade Commission (see story). However, Brad Maione, a spokesman for Spitzer, said the FTC settlement is in effect for 20 years, while the agreement with the states has no expiration date.
"Eli Lilly sincerely regrets that one of our employees made a mistake which resulted in the disclosure of individual e-mail address to all subscribers to our Medi-Messenger service. As a result, we promptly put into place additional measures to prevent it from ever happening again," Indianapolis-based Lilly said in a statement provided to Computerworld.
Lilly said that while the company was disappointed that the states felt that a one-time, inadvertent human error warranted a consent decree, it was committed to implementing the agreement.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Privacy

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.