some past studies have found that driving factors behind privacy regulation & legislation are 1) denial of service (by institutions) and 2) identity theft
http//www.computerworld.com/securitytopics/security/privacy/story/0,10801,82051,00.html By Marne Gordan JUNE 12, 2003 Computerworld With the Health Insurance Portability and Accountability Act (HIPAA) privacy deadline recently passed, most health care providers and plan companies are preparing to implement the final rule for security. While many of these organizations are focused on the lack of budgetary and staff resources necessary to fulfill another unfunded federal mandate, most have lost sight of why this level of protection is necessary. As organizations (known in the legal jargon as "covered entities") begin their risk assessments and risk management planning, it's important to remember one of the key principles of the regulations, and that is patient protection. The standard clearly states that the organization must ensure the confidentiality, integrity and availability of protected health information (PHI) and safeguard it from threats, hazards and unauthorized disclosure, but the act neglects to underscore why it's important to do so. ... snip ... -- Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm