FTC settles e-mail privacy probe

Drugmaker Eli Lilly , which unintentionally disclosed e-mail addresses for hundreds of people, agrees to beef up its existing security, but the settlement does not include fines.

The Federal Trade Commission said Friday that it has settled a privacy investigation into drugmaker Eli Lilly's unintentional disclosure of e-mail addresses for hundreds of people.

The FTC said Eli Lilly violated its online privacy policy during the incident. The company has agreed to beef up its existing security and to create an internal program to prevent future privacy violations.

The company does not face fines because the incident was unintentional and not a clear case of fraud, J. Howard Beales, III, director of the FTC's bureau of consumer protection, said during a press conference.

The privacy incident occurred last June when an employee accidentally sent an e-mail to 669 people with all of their e-mail addresses included in the "to:" line. The message announced the discontinuation of the company's Medi-messenger service, which allowed people taking the anti-depressant medication Prozac to create automated e-mail reminders.

The FTC alleged that Eli Lilly failed to implement safeguards to prevent these types of privacy and security breaches. The agency also said the company did not provide adequate employee training to prevent these situations from happening.

"They made a promise which we understood to mean that Lilly employees measure and take steps to protect privacy," Beales said. "They didn't take the measures and steps."

Featured Video

Why do so many of us still buy cars with off-road abilities?

Cities are full of cars like the Subaru XV that can drive off-road but will never see any challenging terrain. What drives us to buy cars with these abilities when we don't really need them most of the time?

by Drew Stearne