More NewsStates Settle With Eli Lilly on Data Gaffe

States Settle With Eli Lilly on Data Gaffe

The pharmaceutical giant agrees to beefed-up data protection procedures.

Eli Lilly & Co. will be required to adopt stronger privacy safeguards as part of a settlement with state attorneys general stemming from its accidental release of consumer information online last year.

In a settlement with eight states, the Indianapolis-based pharmaceutical giant, which makes the anti-depression medication Prozac, agreed to adhere to enhanced privacy safeguards to protect the data of its consumers.

The terms are intended to forestall any reoccurrence of another privacy debacle. Last year, Lilly disclosed the email addresses of 669 Prozac users who had opted in to receive mailings from Prozac.com, in violation of its stated privacy policies.

Through the settlement with California, New York, Connecticut, Idaho, Iowa, Massachusetts, New Jersey, and Vermont, Eli Lilly agreed to pay $160,000 to the states, and to better protect consumers’ privacy in the future by beefing up internal policies.

Additionally, the company will reconfigure its marketing software and practices to automatically verify that software accessing its consumer databases is in compliance with its policies. Eli Lilly also agreed to five years of annual, independently monitored compliance reviews, and to report the findings of those reviews to the states.

The focus on Lilly’s data-protection policies stems from the fact that the pharmaceutical maker blames last year’s gaffe on internal regulations that had not been followed.

Originally, Lilly had promised in its privacy policy to safeguard the confidentiality of subscribers to its Medi-Messenger email alert service, which distributes reminders to take or refill medications. To alert users to the program’s termination in late June, a Lilly employee created a new computer program to access the subscribers’ email addresses and send them a message. However, the mailing included the subscribers’ email addresses in its “To:” header.

The settlement with the states expands on a 20-year administrative order issued by the Federal Trade Commission in January. The FTC determined that Lilly had failed to provide appropriate training and oversight for its employees regarding consumer privacy and information security, and neglected “appropriate” checks and controls on the process.

The settlement with the FTC required Lilly to establish a security program that assigns employees to track down potential privacy risks and perform annual privacy reviews.

New York Attorney General Eliot Spitzer said he commended Lilly for working with the states to develop an implementation plan, which he said would serve as a model for other major companies collecting large volumes of individual information.

“A privacy policy without adequate privacy practices does not protect confidentiality,” Spitzer said. “A company should fulfill its commitment to consumer privacy by using the same safeguards that responsible companies use to protect their other valuable information assets.”

The news comes a day after Lilly reported a 20 percent drop in second-quarter earnings, on slowing Prozac sales, and also warned that possible manufacturing quality control issues could hamper the rollout of new drugs.

Related Articles

GDPR: The role of technology in data compliance

Data & Analytics GDPR: The role of technology in data compliance

3m Clark Boyd
What companies can learn from the We-Vibe lawsuit about the Internet of Things

Legal & Regulatory What companies can learn from the We-Vibe lawsuit about the Internet of Things

10m Al Roberts
Has advertising arrived on Google Home?

Media Has advertising arrived on Google Home?

10m Al Roberts
Target is the top retail digital marketer, so why is it struggling?

Ecommerce Target is the top retail digital marketer, so why is it struggling?

10m Al Roberts
YouTube is "on pace to eclipse TV" thanks to savvy algorithm use

More News YouTube is "on pace to eclipse TV" thanks to savvy algorithm use

11m Al Roberts
YouTube is getting rid of 30-second unskippable pre-roll ads

Ad Industry Metrics YouTube is getting rid of 30-second unskippable pre-roll ads

11m Al Roberts
Is Twitter slowly dying?

More News Is Twitter slowly dying?

11m Al Roberts
FedEx launches fulfillment service to take on Amazon

Ecommerce FedEx launches fulfillment service to take on Amazon

11m Al Roberts