States, Eli Lilly settle privacy case

By Linda Rosencrance

July 25, 2002 12:00 PM ET

Recommended

(3)

Digg

Twitter

Share/Email

Computerworld - Eight states have settled a complaint against pharmaceutical company Eli Lilly and Co., stemming from the release of e-mail addresses of nearly 700 subscribers to its prozac.com e-mail alert, New York Attorney General Eliot Spitzer said today.
The release of the e-mail addresses occurred June 27, 2001, when an employee created a computer program to access subscribers' e-mail addresses and then sent the customers an e-mail announcing the termination of the service (see story). However, the addresses of 669 customers were included in the "To" field of the message header and were visible to every subscriber.
At the time, Eli Lilly called the incident an isolated event.
"The agreement will protect U.S. consumers from exposure of their sensitive and personal data collected by the company," Spitzer said in a statement.
The settlement requires Lilly to strengthen its internal standards relating to privacy protection, training and monitoring.
Lilly has agreed to institute automated checks for any of its software that accesses databases containing consumer information, Spitzer said. Lilly will also pay a fine of $160,000 to be divided among the eight states -- New York, Massachusetts, Connecticut, Idaho, Iowa, New Jersey, Vermont and California.
In January, Lilly reached a similar agreement with the U.S. Federal Trade Commission (see story). However, Brad Maione, a spokesman for Spitzer, said the FTC settlement is in effect for 20 years, while the agreement with the states has no expiration date.
"Eli Lilly sincerely regrets that one of our employees made a mistake which resulted in the disclosure of individual e-mail address to all subscribers to our Medi-Messenger service. As a result, we promptly put into place additional measures to prevent it from ever happening again," Indianapolis-based Lilly said in a statement provided to Computerworld.
Lilly said that while the company was disappointed that the states felt that a one-time, inadvertent human error warranted a consent decree, it was committed to implementing the agreement.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Privacy

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.