- HP maintains one of the most robust privacy programs in the world.
- HP Privacy policies derive from individual expectations, Organization for Economic Co-operation and Development (OECD) Guidelines inspired fair information practice principles and laws in Europe, Asia Pacific and North America.
- HP is committed to privacy leadership and accountability. We support responsible legislation, promote consumer privacy education, and advocate the use of consumer empowering technologies.
- Different and sometimes divergent legislation on this issue increases the difficulty and cost for compliance. There is a need for policy convergence and diffusion.
- Emerging or revised privacy policy should include a balance for protection of individual rights and the need to achieve business outcomes.
- HP has developed a set of privacy principles that when implemented achieve the needed balance between protection and achieving business outcomes.
Privacy is a fundamental human right and is becoming an increasingly important consumer interest. At the same time, governments expect information to drive economic development and consumers expect tailored services and products. The use of new technologies makes tailoring services and products to consumers useful. There is a need to guarantee the individual rights of consumers and employees are protected and to ensure business continuity and growth in all HP business operations. Achieving the right balance is essential to realize both business outcomes and consumer choice. Existing and future legislation and regulation should reflect this need for balance.
HP maintains one of the most robust privacy programs in the world, with policies derived from the OECD Rules and the EU Directive. HP is also the first large company to participate in the Safe Harbor agreement. HP policies are applied globally and set above most country and regional laws. Challenges come from the emergence of different and sometimes divergent legislation on this issue, which make it difficult to establish global regulatory requirements. HP would like to see policy convergence and rules that permit the free flow of information across borders to maintain the highest possible level of protection for individuals' right to privacy and meet business objectives.
HP would like to see public policy and legislation adhere to international principles similar to the Asia-Pacific Economic Cooperation (APEC) Data Privacy Principles and within the OECD Data Privacy Guidelines. Regardless of this, HP adheres to strict data privacy principles and would favor a regulatory framework that produces the least bureaucratic burden, is most cost effective to implement and permits the information exchange for commercial purposes. HP advocates the establishment of a workable flexible benchmark that unifies divergent regulations and endorses consumer notice and choice.
The data privacy principles below are the foundation of the HP Global Customer Data Privacy Policy for customers and applies to any Personally Identifiable Information (personal data) collected, used, transferred and stored by HP. Some "non-personal" (anonymous) data use is also covered by this policy.
- Notice: HP will inform individuals about the purposes for which it collects Personal Information, how to contact HP with inquiries or complaints, and, where appropriate, the types of third parties to which it discloses data and the choices and means HP offers for limiting its use and disclosure.
- Choice: HP will ensure that the rights of people, whose personal data is held by HP, must be fully able to exercise their rights. This includes the right of an individual to choose how their data will be utilized and the right to choose whether and how personal data provided is used or disclosed to third parties, where such use is incompatible with the original purpose or authorizations.
- Onward Transfer: HP will ensure that personal data is not transferred without suitable safeguards, in accordance with applicable law. Personal data will only be transferred outside of HP if the receiving party has signed a Personal Data Protection Agreement (PDPA) with HP agreeing to abide by privacy practices that are equivalent to those of HP. In some cases, the individual will be required to give their explicit permission (opt-in) to having their data transferred outside of HP.
- Security: HP is committed to ensuring the security of personal data. To prevent unauthorized access, maintain data accuracy, and achieve the appropriate use of data, HP has put in place appropriate physical technical and organizational security measures to safeguard personal data. In adherence with privacy laws worldwide and internal HP policies, HP will address detailed security at four levels: network, database, application and user.
- Data Integrity: HP will fully observe conditions regarding the fair collection and use of personal data. HP will collect and process data, only to the extent needed to manage business relationships, to fulfill operational needs and/or to comply with legal requirements. HP will take reasonable steps to see that all personal data is accurate, complete and current.
- Data Access: HP will provide individuals with reasonable access to their personal data and, when appropriate as required by law and/or HP policies, allow the individuals the ability to change their data or request the data be changed by HP.
HP will address any complaints or disputes regarding personal data promptly and courteously. Investigations regarding non-compliance with this policy will be handled by the responsible person designated by local management. HP will perform regular self-assessments to verify that this privacy policy is accurate, comprehensive, prominently displayed, correctly implemented, communicated and accessible. HP will participate in an appropriate third party certification program that will provide oversight to the HP Privacy Program. HP will co-operate with the relevant Data Protection Authorities in the investigation and resolution of any complaints relating to this policy and will respond to the decisions of these authorities as appropriate.
|
|
|
Printable version
