Information Privacy Communications update

1
Information PrivacyCommunications update

• Fred Laberge
• August 22, 2006

2
Aetna Communications Framework

• Objective
• Strengthen understanding of the Information
  Privacy, Security Compliance roles
• Drive a stronger Information Privacy Security
  Culture
• Improve employee understanding of what is
  expected and how to comply
• Audiences Leaders, Managers, Employees, Privacy
  Security Managers
• Components
• Short-term
• Develop a set of core messages that provide
  context for ongoing communications ensuring
  consistency of message. Messages focus on
• Why protecting information is so important from a
  business and customer perspective
• How Aetna protects information includes messages
  on organizational roles/responsibilities,
  policies and standards, processes (e.g., when to
  access privacy officers, how, etc.)
• Employees role in protecting information, the
  actions they are expected to take, how and why
• The unique role leaders and managers play in
  ensuring compliance with Aetnas policies and
  practices
• Develop communications to inform managers and
  employees about Aetnas organizations dedicated
  to protecting information (e.g., Privacy office,
  Privacy managers, IT Security)
• Introduce any changes to roles and
  responsibilities
• Provide information about organizations, roles
  and responsibilities, how and when to access them

3
Laptop Coverage

• The Department of Defense laptop incident
  resulted in 114 news articles mentioning Aetna
• Wire service coverage resulted in wide
  distribution of essentially similar articles
• However, various media interpreted and presented
  the same basic information in different ways,
  resulting in approximately
• 39 percent negative in tone
• 39 percent neutral in tone
• 22 percent positive in tone

4
Coverage examples

• Positive/Neutral
• National newspapers such as USA Today
• The insurer had employees re-encrypt and
  recertify files. Every company PC was audited to
  ensure files were properly encrypted. Aetna also
  tightened restrictions for storage devices such
  as thumb drives.
• Regional newspapers such as Burlington (VT) Free
  Press
• Conn.-based Aetna Inc. is pouring resources into
  encryptionAetna ordered employees to re-encrypt
  and recertify files. The insurer audited every
  company PC to ensure that files were properly
  encrypted. It also tightened restrictions for
  storage devices like flash drives.
• Negative
• Information Today, June 1, 2006 Ive been
  violated.
• Im inclined to give them brownie points for
  being upfront and proactive. However, what I do
  not find in this seven-page letter is information
  about why laptops with this type of personal
  informationthis quantity of personal
  informationare floating around all over the
  place.
• ConsumerAffairs.com, Aetna Loses Laptop
  Containing Customer Data
• The theft or loss of laptops has been the latest
  trend in data breaches, with over 500,000
  individuals potentially affected as a result of
  laptops being stolen or misplaced in the last six
  monthsThe common thread in virtually all of
  these incidents is an employee or employees
  downloading confidential data onto laptops, and
  either leaving them physically vulnerable or
  failing to encrypt them.

5
Tone of General Aetna Coverage(March August)
MediaSignal a weighted-reach metric that uses
prominence to adjust the impression count for
each article. Reach calculated by applying the
circulation (print) or impression (broadcast,
online) data of individual media outlets to each
article. Coverage measures the total volume of
articles that have at least one subject mention.
Tone measures the quality of mentions and
applies positive, neutral and negative ratings at
the subject level.