United States Securities and Exchange Commission
Washington, D.C. 20549
NOTICE OF EXEMPT SOLICITATION
Pursuant to Rule 14a-103
Name of the Registrant: Laboratory Corporation Holdings of America
Name of persons relying on exemption: Tara Health Foundation
Address of persons relying on exemption: 47 Kearny Street, San Francisco,
CA 94108
Written materials are submitted pursuant to Rule 14a-6(g) (1) promulgated
under the Securities Exchange Act of 1934. Submission is not required of this filer under the terms of the Rule, but is made voluntarily
in the interest of public disclosure and consideration of these important issues.
PROXY MEMORANDUM
| TO: |
Shareholders of Laboratory Corporation Holdings of America |
| RE: |
Proposal No. 6 (“Reproductive Healthcare and Data Privacy”) |
| DATE: |
May 6, 2024 |
| CONTACT: |
Corporate.Engagement<at>rhiaventures.org |
This is not a solicitation of authority to vote your proxy. Please
DO NOT send us your proxy card; Tara Health Foundation is not able to vote your proxies, nor does this communication contemplate such
an event. Tara Health Foundation urges shareholders to vote for Proposal
No. 6 following the instructions provided on management's proxy
mailing.
Tara Health Foundation urges shareholders to vote YES on Proposal
No. 6 on the 2024 proxy ballot of Laboratory Corporation Holdings of America (“Labcorp” or the “Company”). The
Resolved clause states:
Shareholders request the Board issue a public
report detailing known and potential risks and costs to the Company of fulfilling information requests relating to Labcorp customers for
the enforcement of state laws criminalizing abortion access, and setting forth any strategies beyond legal compliance that the Company
may deploy to minimize or mitigate these risks. The report should be produced at reasonable expense, exclude proprietary or legally privileged
information, and be published within one year of the annual meeting.
The full text of the proposal is appended below.
About Tara Health Foundation
Tara Health Foundation aims to improve the health and well-being of
women and girls through the creative use of philanthropic capital. Our main areas of focus are reproductive and maternal health in the
United States, equitable workplaces, and gender lens impact investing.
Tara Health Foundation is a long-term shareholder in Labcorp. We support
this proposal because Labcorp collects massive amounts of women’s personal health data but lacks transparency as to how such
data is or may imperil access to reproductive healthcare. In a time when abortion access is criminalized or severely restricted by
half of the states, greater understanding about the Company’s data handling practices is warranted.
Background on the Proposal
Following the unprecedented revocation of the constitutional right
to abortion in June 2022, about one half of the states have banned or severely restricted abortion care. Law enforcement in these abortion-restrictive
states often rely on consumer digital data to investigate and prosecute individuals who provide, aid, or receive the procedure, even if
conducted in states where abortion remains legal.
A digital reproductive health footprint could be easily accessed by
law enforcement and lead to criminal charges. In one example from 2022, Meta received significant negative press after complying with
a data request from a Nebraska police department for private Facebook messages between a mother and daughter, who were both subsequently
convicted for felony crimes related to the alleged illegal termination of the daughter’s pregnancy.1 Police in Mississippi
and Indiana have similarly used text messages, as well as web searches about abortion and online abortion medication order details as
digital evidence against women facing criminal charges related to the end of their pregnancies.2
_____________________________
1 https://tinyurl.com/5dzny56t
2 https://wapo.st/44aVYug
Labcorp has been largely silent on the issue, even though it is
a nationwide provider of reproductive healthcare services and is heavily investing in women’s healthcare.3 Indeed,
the Company asserts that it has “decades of commitment to women’s health and reproductive genetics” having performed
“over 250 million women’s health tests each year,” ranging from infertility to pregnancy and general women’s health.4
In addition, the Company in 2021 acquired Ovia Health, a digital health app used by over 15 million women seeking information and support
with family planning, pregnancy, and parenting.5
Given the nature of the Company’s sensitive data, Labcorp
is especially vulnerable to law enforcement data requests related to abortion and reproductive healthcare, particularly with respect
to interstate conflicts regarding exercise of reproductive rights in states where abortion remains legal. Shareholders have reason to
be concerned about whether the enforcement of criminal abortion laws will impact the reputation and financial wellbeing of the Company.
The proposal therefore calls upon management to examine the risks associated with the Company’s current data handling practices,
including its response to government information requests, in the face of new restrictive abortion laws.
Rationale in Support of the Proposal
| 1. | Labcorp’s data handling policies may expose individuals to serious risks. |
| 2. | The Company does not offer transparency reporting regarding data privacy. |
| 3. | Regulatory and legal compliance is insufficient to minimize privacy risks related to reproductive healthcare. |
| 4. | Production of the requested report would be feasible and cost-effective. |
Labcorp’s data handling policies may expose individuals to
serious risks.
Users interact with Labcorp in a number of ways governed by different
Labcorp privacy policies that are unclear, incomplete, and at times do not reflect industry best practices.
Consumers may access the Labcorp website to research information, make
inquiries, or pay for Company products and services related to reproductive healthcare. They may also provide the Company with personal
health information (“PHI”) when using Labcorp’s health products and services. Furthermore, users may interact with the
Ovia Health app, which collects personal sensitive information that may also be relevant to abortion-related criminal investigations,
including “date of last period, due date, and other fertility, pregnancy, health, sex life and life” information, in addition
to data about the user’s habits, purchases, geolocation, and “photos or videos” uploaded to the app.6
_____________________________
3 https://ir.labcorp.com/static-files/22c019b9-6961-43d3-80ad-0f3edc11ca8d
4
https://womenshealth.labcorp.com/about
5 https://www.labcorp.com/newsroom/labcorp-extends-leadership-womens-health-acquisition-ovia-health
6 https://www.oviahealth.com/privacy-policy/
Despite the sensitive nature of these data, Labcorp’s privacy
policies in some instances do not provide strong privacy safeguards that have been recognized as best practices by many industries and
privacy leaders. For example, the Company’s Website Privacy Policy7 does not affirm a prohibition against selling
or licensing consumer data to third parties like advertisers, nor does it disclose what privacy guidelines, if any, third parties who
have access to such data for business purposes must follow in order to minimize their vulnerability to leaks or law enforcement data requests.
The policy also does not provide that in response to law enforcement data requests, the Company, where permissible, will notify the affected
individual.
The requested report would serve as a mechanism to systematically analyze
Labcorp’s multiple privacy policies to identify vulnerabilities and areas where the Company could adopt stronger privacy safeguards
that would minimize individual users’ exposure to law enforcement data requests for abortion-related prosecutorial purposes.
Labcorp does not offer transparency reporting regarding data privacy,
exposing the Company to financial and reputational risks.
A recent empirical study in the Journal of Marketing showed
that vulnerabilities concerning the misuse of commercial data can generate negative outcomes for businesses, including negative abnormal
stock returns and damaging customer behaviors such as negative word of mouth and switching to a close business rival.8 These
findings could apply to data vulnerabilities from actual and potential disclosures of abortion-related data to law enforcement, thereby
amplifying consumer worries about data misuse. Consequently, corporations collecting large troves of consumer data, such as Labcorp, are
likely exposing themselves to higher financial and reputational risks. Apropos to the current Proposal, the study found that data transparency,
among other things, can alleviate these detrimental effects.
_____________________________
7 https://www.labcorp.com/about/web-privacy-policy
8 https://doi.org/10.1509/jm.15.0497
Labcorp does not publish transparency reporting regarding data privacy.
Conversely, many publicly traded companies offer transparency reporting specifically on the issue of government data requests.9
Meta, Amazon, Google and many other companies across different industries offer such periodic reporting, which includes details on the
types of requests, compliance rates, jurisdictional information and case studies. In response to a similar shareholder proposal from the
2023 proxy season, CVS bolstered customer privacy protections, including publishing semiannual transparency reports on the number of legal
information requests.10 CVS’s inaugural transparency report was released this year,11 to positive media attention.
This information would be extremely helpful for investors to make determinations about the Company’s risk exposure as well as serve
as an accountability tool. In turn, consumers would gain more assurances that Labcorp respects the privacy of their data.
Why a YES Vote is Warranted: A Response to Labcorp’s Opposition
Statement
In opposing the Proposal, the Company states it has systems and processes
that are designed to comply with applicable privacy laws and regulations. The Company further provides that preparation and publication
of the requested report would “create an undue burden and incur an unnecessary cost to the Company and the shareholders.”
However, existing privacy regulations may not be sufficient to minimize the privacy risks contemplated by the proposal, and the requested
report could be prepared at minimal cost.
Regulatory and legal compliance is insufficient to minimize privacy
risks related to reproductive health care
Data privacy laws in the United States are considered by many experts
to be lacking in scope and woefully outdated. In fact, there is no single, comprehensive federal law regulating how companies collect,
store, or share customer data.
As the New York Times reports, “[t]he data collected by
the vast majority of products people use every day isn’t regulated.”12 In most states, companies can use, share,
or sell most data they collect about consumers without notifying them that the company is doing so. There is no federal law standardizing
when (or if) a company must notify consumers if their data is breached or exposed to unauthorized parties. If a company shares consumer
data – including sensitive information such as an individual’s health or location – with third parties (e.g., data brokers),
those third parties can often sell the data or share it without notifying the affected consumers. HIPAA – one of the few federal
privacy laws but which only protects PHI – has loopholes that could allow Labcorp to disclose information to law enforcement seeking
to prosecute abortion-related crimes.
_____________________________
9
https://bit.ly/3y8J6ZU
10 https://tinyurl.com/yf497dsp
11 https://www.cvshealth.com/impact/esg-reports/resource-library/legal-record-requests.html
12 https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/
As a result of this lax regulatory environment, many businesses
have implemented firmer privacy practices that more fully protect consumers from nefarious data uses and increase brand trust. One
such practice is abiding by the principle of “data minimization,” in which companies only collect personal data that is strictly
necessary for delivering the service a user is expecting to receive, and use it for only that purpose.13 Data minimization
is already a legal requirement for certain companies doing business in the European Union.14 As a result of data minimization,
companies amass less information that may be subject to law enforcement information requests or shared with third parties seeking to participate
in the enforcement of abortion-restrictive laws. Notably, data minimization would also reduce the Company’s liability, reputational
risk exposure, and storage costs.15 Labcorp has nonetheless failed to disclose in its various privacy policies whether it
abides by this or other widely recognized data privacy principles.
Yet, sharing consumer data without proper security measures could
expose the Company to significant risks, including the threat of burdensome litigation. In 2021, for example, the most popular fertility
and period tracking app developer, Flo Health, faced legal action upon claims that the platform shared sensitive health information with
third parties, including Google and Facebook (which could in turn share the data with law enforcement), without the users’ consent.16
Finally, most companies doing business in California, Virginia and
the European Union are also required to provide consumers with “deletion rights,” as contemplated by the Proposal.17
Deletion rights generally grant consumers the ability to have personal information erased in instances where the business is not required
to maintain the data. Implementing a sustainable data deletion program can help Labcorp reinforce its standards and governance for data
deletion, meet regulatory requirements, reduce the risk of data breaches, and improve data hygiene overall.18
Since Labcorp already complies with data deletion requirements under
California and Virginia law, applying deletion rights or other related data deletion mechanisms nationwide could be a feasible and cost-effective
mitigation measure to the problems raised identified in the proposal. Synalab Group, one of Labcorp’s international competitors,
automatically deletes or anonymizes a website visitor’s IP address from the company data logs, while other remaining website-visitor
data “is stored for a limited period of time” with the explicit purpose of improving the “operation of [Synalab’s]
website.”19 DaVita, a leading healthcare provider, gives consumers the opportunity to “amend or delete” information
collected from them through the company’s online platforms.20 The requested report would advise investors whether such
measures indeed provide such benefits to the Company.
_____________________________
13 https://pirg.org/articles/do-you-know-where-your-data-is-because-facebook-doesnt/
14 https://www.business.com/articles/how-to-apply-data-minimization/
15 https://tinyurl.com/2p92fr8t
16 https://tinyurl.com/2sduk56f
17 https://oag.ca.gov/privacy/ccpa (California); https://law.lis.virginia.gov/vacodefull/title59.1/chapter53/
(Virginia); https://gdpr-info.eu/art-17-gdpr/ (European Union)
18 https://www.grantthornton.com/insights/articles/advisory/2020/how-data-deletion-empowers-data-protection
19 https://www.synlab.com/privacy-policy
20 https://www.davita.com/privacy-policy
Production of the report would be feasible and cost-effective
While ignoring the substance of the Proposal, Labcorp focuses its opposition
statement on the supposed undue burden and unnecessary costs associated with the preparation of the requested report.
However, the scope of research involved in the production of the
requested report is narrow and limited to the risks associated with the Company’s fulfillment of information requests relating
to Labcorp customers for the enforcement of state laws criminalizing abortion access. The proposal and a number of reports and studies
have already identified many of the potential risks, thereby providing useful guidance that the Company may follow in preparing the requested
report. Notably, the proposal suggests that the Company consult with reproductive rights and civil liberties organizations in preparing
the report, which could reduce the burden of identifying relevant data privacy risks associated with criminal abortion laws.
Production of the requested report would be cost-effective and feasible.
A similar shareholder proposal submitted to Interpublic Group Companies for the 2023 proxy season was withdrawn after that company conducted
an assessment of their policies and practices regarding reproductive health data, ultimately finding there was no significant risk to
customers in the face of newly-enacted state laws criminalizing abortion.21
Labcorp’s claim that “[d]eveloping such a report and conducting
the related assessment set forth in the proposal would involve a substantial level of effort involving issues related to privacy, protection
of customer information, and compliance with applicable laws” raises concerns. Yet the Board has a responsibility to oversee the
“Company’s cybersecurity and other information technology risks, controls and procedures, including . . . the potential impact
of such risks on the Company’s business, financial results, operations and reputation.”22 Thus, the requested report
would entail the kind of analysis that falls within the purview of the Board's oversight duties.
Indeed, Labcorp should be periodically conducting the assessments contemplated
in the proposal. We believe existing Labcorp counsel and technical experts, in consultation with outside experts and groups, could satisfy
the request report analyzing, among other things, such mitigation measures without incurring substantial cost.
_____________________________
21 https://tinyurl.com/mvrmfj2x
22 https://ir.labcorp.com/static-files/5ffbe8bd-0695-4ac6-947e-1e877e1a33ec
In sum, we believe that implementing the requested report will help
ensure that Labcorp does more to monitor its data handling practices so that they do not expose consumers to serious risks stemming from
abortion-related criminal prosecutions, thereby eroding shareholder value by diminishing the Company’s reputation, consumer loyalty,
brand, and values.
Vote “Yes” on Shareholder Proposal No. 6.
For questions, please contact Corporate.Engagement<at>rhiaventures.org.
THE FOREGOING INFORMATION MAY BE DISSEMINATED TO SHAREHOLDERS VIA TELEPHONE,
U.S. MAIL, E-MAIL, CERTAIN WEBSITES AND CERTAIN SOCIAL MEDIA VENUES, AND SHOULD NOT BE CONSTRUED AS INVESTMENT ADVICE OR AS A SOLICITATION
OF AUTHORITY TO VOTE YOUR PROXY. PROXY CARDS WILL NOT BE ACCEPTED. PLEASE DO NOT SEND YOUR PROXY TO TARA HEALTH FOUNDATION. TO VOTE YOUR
PROXY, PLEASE FOLLOW THE INSTRUCTIONS ON YOUR PROXY CARD.
Item No. 6 – “Shareholder proposal regarding a Board
report on risks of fulfilling information requests”
Reproductive Healthcare and Data Privacy
WHEREAS: Following the revocation of the constitutional right
to an abortion in June 2022, policymakers are concerned about the use of personal digital data to enforce state laws that ban or limit
abortion access. Law enforcement may demand data held by Labcorp, seeking evidence of consumer acts that were legal in the state where
they occurred, but illegal in the consumer’s state of residence, such as laboratory testing related to reproductive healthcare.
Law enforcement’s reliance on digital consumer data has become
increasingly common. While Labcorp does not publicly report figures on compliance with law enforcement requests, Alphabet and Meta alone
collectively received around 119,000 requests in the second half of 2022, and each complied with about 84% of those requests.[1] In one
example from 2022, Meta satisfied, to significant negative press, a data request from Nebraska police for private Facebook messages between
a mother and teenage daughter regarding plans to end the daughter’s pregnancy. Based on those messages, both were convicted for
felony crimes and will serve prison time.[2]
Labcorp collects sensitive information from consumers about their
personal health, location, and Internet and commercial activity. Labcorp also owns Ovia Health, a digital app used by over 15 million
women for reproductive healthcare purposes, which collects detailed personal health data from users including information about their
cycles, fertility and pregnancy.[3]
Shareholders are concerned that such data will be accessed without
consumer consent by states that criminalize abortion. Labcorp’s privacy policies allow disclosure of certain personal consumer
information “in response to duly authorized information requests of any law enforcement agency,”[4] which may include instances
where compliance with the request is voluntarily sought.
Labcorp is not immune to abortion-related law enforcement requests
that may create significant reputational, financial, and legal risks. There is a strong brand benefit to upholding and increasing longstanding
consumer privacy expectations.
This is the second year that this proposal has been tiled. Labcorp
has declined multiple invitations from the proponents to discuss the matters raised herein.
RESOLVED: Shareholders request the Board issue a public report
detailing known and potential risks and costs to the Company of fulfilling information requests relating to Labcorp customers for the
enforcement of state laws criminalizing abortion access, and setting forth any strategies beyond legal compliance that the Company may
deploy to minimize or mitigate these risks. The report should be produced at reasonable expense, exclude proprietary or legally privileged
information, and be published within one year of the annual meeting.
SUPPORTING STATEMENT: Shareholders recommend, at management
discretion, input from reproductive rights and civil liberties organizations be solicited and reflected in the report, and that the report
contain an assessment of the benefits and feasibility of:
| ● | implementing a nationwide data privacy policy wherein consumers may request that Labcorp delete personal data that it is not legally
required to retain; |
| ● | notifying consumers about law enforcement information requests regarding their data prior to, and with sufficient time for consumer
response, complying with any such request. |
[1] https://transparencyreport.google.com/user-data/overview?hl=en;
https://transparency.fb.com/data/government-data-requests/country/us/
[2] https://www.nytimes.com/2023/09/22/us/jessica-burgess-abortion-pill-nebraska.html
[3] https://www.oviahealth.com/privacy-policy
[4] https://www.labcorp.com/hipaa-privacy
Laboratory Corporation o... (NYSE:LH)
Historical Stock Chart
From Apr 2024 to May 2024
Laboratory Corporation o... (NYSE:LH)
Historical Stock Chart
From May 2023 to May 2024
