Damage control: protecting customer privacy

By Frank Hayes, Computerworld |  Business

Eli Lilly & Co. did just about everything it was supposed to do to protect its customers' privacy. When the company set up its Medi-Messenger e-mail service to remind people to take their medications, the automated system sent the messages as blind carbon copies -- the "To:" line was blank. That worked fine for two years -- until June 27, when Lilly sent one last mass e-mail to notify users that it was discontinuing the service. Because of human error, that one included hundreds of names -- all the Medi-Messenger users in the "To:" line.

Now that was a privacy failure. And it wasn't the worst of it. Because when something goes wrong with privacy, we don't just have to deal with what happened. We also have to deal with what people think happened.

As IT people, it's easy to assume that when something blows up on us whether because of a technical glitch, operational error, policy mistake or just one of those things we have to deal only with the problems we actually created. That just makes sense, right?

And that's what Lilly's people did. After that last message went out, complaints started coming in. The company responded individually to every complaint and sent a separate message to all Medi-Messenger users, apologizing for exposing their names. Lilly's IT people also set up new code-review procedures and blocked all outgoing messages with more than one name in the "To:" field.

In short, they cleaned up the mess they made.

But it wasn't enough. One Medi-Messenger user, who used the service to remind him to take his Prozac, was outraged. Now hundreds of other people knew he was taking antidepressants, he thought. He contacted the American Civil Liberties Union (ACLU), which fired off a letter to the Federal Trade Commission accusing Eli Lilly of negligence, deceptive trade practices and violations of Lilly's own published privacy policy.

A week later, stories in The Washington Post and other news outlets were quoting the ACLU's letter and focusing on the exposure of Prozac users.

Did Eli Lilly accidentally expose hundreds of Prozac users? No. Not everyone using Medi-Messenger was taking Prozac. True, patients could sign up for the service through the Prozac.com Web site. But people who don't take Prozac also signed up for the service.

In other words, privacy was violated. But no one was exposed as a Prozac user just as a Medi-Messenger user.

That's not the mess Eli Lilly created. But it's still a mess that Lilly has to clean up.

Join us:






Answers - Powered by ITworld

Ask a Question