Mandatory Requirements for FTC Consent Decree Compliance

This is formal notice to any third party organization currently working with or being considered to work with consumer personal information (PI) on behalf of the Lilly USA division:

On May 15, 2002, Lilly entered into a Consent Order with the United States Federal Trade Commission ("Consent Order") stemming from a situation in 2001. Lilly also entered into voluntary Assurances with eight states ("States' Assurances") stemming from the same underlying situation. The Consent Order and States' Assurances, in nearly identical terms, require Lilly to take certain actions to address privacy issues within Lilly's operations regarding the handling of consumer PI. Therefore, all third parties that work with consumer PI in any manner for Lilly USA are required to comply with Lilly's Supplier Privacy Standard, Information Security Standard and the terms of the Consent Order and States' Assurances. As required by the Consent Decree and States' Assurances, these documents are provided for your review. At a minimum, you will need to have privacy and security measures equivalent to those identified in the documents referenced above with respect to the consumer PI you are handling on behalf of Lilly.