Chief Privacy Officer, Eli Lilly
Stanley Crosley, 45, installed an aggressive new system atafter the company suffered a privacy breach in 2001. Last year, the International Association of Privacy Professionals recognized Lilly’s plan as one of the best.
“We had a wake-up call in 2001. In a mass email, we inadvertently exposed the email addresses of several hundred people who had registered on the Prozac Web site by mistakenly not using the bcc option. Privacy advocates had a field day. The FTC came down on us hard. The critics were right. We were not paying attention to these issues as much as we should. Now every Lilly employee, 40,000 globally, goes through privacy training, to learn the right and the wrong ways of ensuring information is protected. That goes for employees’ own data, too. We also require that our vendors are privacy certified, and they are subjected to periodic audits. Lilly has 20 people dedicated full time to privacy issues, plus four full-time auditors who monitor internal operations internationally.
The goal has to be to meet standards that are stricter than the law. No offense to my friends in consumer goods, but we aren’t making peanut butter over here.”