TechTarget

Eli Lilly settlement raises privacy stakes

The Eli Lilly case settlement in the US should raise concerns for anyone gathering personal information on their Web sites

The Eli Lilly case settlement in the US should raise concerns for anyone gathering personal information on their Web sites

The US Federal Trade commission (FTC) found Eli Lilly had failed to protect customer information, provide adequate training for its employees and provide proper oversight and assistance to the employee who sent out the e-mail.

Eli Lilly was ordered to establish an audited information security programme following an email blunder in June 2001 that contravened the company's Web site privacy statement.

Rosemary Jay, senior consultant at law firm Masons, said Eli Lilly's privacy statement stated that it respected personal privacy. However, in June 2001 the company sent out an email revealing the names of people subscribing to its Prozac.Com information service. Apparently, the message was sent to the subscribers using the carbon copy (CC) function rather than the blind carbon copy (BCC) email function. This had the effect of revealing the names of subscribers, and breaking the company's privacy policy.

Jay said: "If a business has a privacy statement, its business processes have to comply. Eli Lilly failed to respect its privacy policy. It is treated as a breach of trading practices."

She advised any business trading in the US to ensure its business practices comply with its Web site privacy statement. UK businesses, she explained, also need to ensure their business practices adhere to their Data Protection Registrar entry.

Non-compliance can have a profound effect on business. In the case of Eli Lilly, the FTC ordered the company to maintain an information security programme for all information it collects from its customers for the next 20 years. It also required Eli Lilly to conduct a written security review annually for the information it holds on customers, and to nominate dedicated security staff to oversee the programme.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close