Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

States, Eli Lilly settle privacy case

July 25, 2002 12:00 PM ET

Computerworld - Eight states have settled a complaint against pharmaceutical company Eli Lilly and Co., stemming from the release of e-mail addresses of nearly 700 subscribers to its prozac.com e-mail alert, New York Attorney General Eliot Spitzer said today.
The release of the e-mail addresses occurred June 27, 2001, when an employee created a computer program to access subscribers' e-mail addresses and then sent the customers an e-mail announcing the termination of the service (see story). However, the addresses of 669 customers were included in the "To" field of the message header and were visible to every subscriber.
At the time, Eli Lilly called the incident an isolated event.
"The agreement will protect U.S. consumers from exposure of their sensitive and personal data collected by the company," Spitzer said in a statement.
The settlement requires Lilly to strengthen its internal standards relating to privacy protection, training and monitoring.
Lilly has agreed to institute automated checks for any of its software that accesses databases containing consumer information, Spitzer said. Lilly will also pay a fine of $160,000 to be divided among the eight states -- New York, Massachusetts, Connecticut, Idaho, Iowa, New Jersey, Vermont and California.
In January, Lilly reached a similar agreement with the U.S. Federal Trade Commission (see story). However, Brad Maione, a spokesman for Spitzer, said the FTC settlement is in effect for 20 years, while the agreement with the states has no expiration date.
"Eli Lilly sincerely regrets that one of our employees made a mistake which resulted in the disclosure of individual e-mail address to all subscribers to our Medi-Messenger service. As a result, we promptly put into place additional measures to prevent it from ever happening again," Indianapolis-based Lilly said in a statement provided to Computerworld.
Lilly said that while the company was disappointed that the states felt that a one-time, inadvertent human error warranted a consent decree, it was committed to implementing the agreement.

Read more about privacy in Computerworld's Privacy Knowledge Center.



Jump to comments

Privacy

Additional Resources

Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

IT Jobs