Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
 
HP.com home
 HP Global Citizenship Report  >  Privacy

Approach


 Add to my report Go to my report
» 

FY07 Global Citizenship Report
» Introduction
» Global citizenship at HP
» Ethics and compliance
» Supply chain responsibility
» Climate and energy
» Product reuse and recycling
» Product innovation
» Operations
» Privacy
» Approach
» Goals
» Employees
» Social investment
» About this report
» At a glance
» Build and print custom report
» Downloads
» Feedback
» Global Citizenship home
» Global Citizenship news View rss feed for Global citizenship news

Take the executive tour

Custom Report Builder: Compile and print any parts of this report

Content starts here

Accountability approach to privacy

We demonstrate our commitment internally in our privacy policies and procedures, comprehensive standards for implementing these policies, assurance and audit reviews, and employee training and communication programs. We have developed a Privacy Accountability Model that aims to ensure that we make responsible decisions affecting people's personal information. We also have formed a Privacy and Data Protection Board to ensure the relevant corporate businesses and functions share responsibility for making those decisions and implementing them in their business processes systemically.

To hold ourselves accountable when implementing our privacy policies, we review decisions not only for compliance with the law, codes of conduct and our own privacy policies, but also in light of our company values, customer desires and expectations, and a range of potential risks.

The model begins by ensuring we comply with all applicable laws and regulations where we operate. We then make certain that we operate in accordance with major industry codes of conduct, contractual agreements and international programs like Safe Harbor. These actions are the core of a traditional liability-based model. Our model goes beyond legal and industry norms to make decisions consistent with our own commitments to privacy and data protection.

In 2007, we added an evaluation of decisions against the values articulated in our Standards of Business Conduct and against six types of risks. Our values include integrity, transparency and respect for the individual. The risks we consider are those that could affect reputation, investment and business continuity, among others. HP managers use this model when making decisions affecting privacy and data protection.

We developed the model with the Center for Information Policy Leadership and have been collaborating with this global think tank and engaging with government regulators to encourage wider adoption of this approach across the private sector.

“The capacity of new technologies to aggregate sensitive information has increased privacy concerns among companies, policymakers and consumers alike. HP was one of the first companies to embrace the idea of a comprehensive U.S. privacy law and has shown that it can build meaningful protection into its products. The challenge for the future will be whether HP can use the same technology to actually provide consumers with more control over their information, rather than less or equal.”
—Ari Schwartz, Deputy Director of the Center for Democracy and Technology

Privacy and Data Protection Governance Board

We formed a Privacy and Data Protection Governance Board to address the growing complexity of data protection. Departments throughout the company have a stake in managing privacy and data protection. If we are to meet our commitment to be fully accountable and to address the new challenges facing privacy, integrated information governance is critical. The board facilitates shared responsibility among the Privacy Office, Legal Department, Security Division, Human Resources, Government Affairs, and the business and corporate functions.

The board's charter is to:

  • Develop privacy and data protection policies, practices, procedures and training
  • Monitor and audit compliance with laws, codes of conduct and policies
  • Provide a process for issue resolution
  • Facilitate shared decision-making and seamless interaction among the HP functions supporting privacy

The board is staffed with key company leaders and is fully operational.

Training, monitoring and compliance

HP requires all employees to take annual privacy training. In 2007, 140,118 employees (81 percent) completed our yearly Standards of Excellence Data Privacy training. This number exceeded our goal of 80 percent completion.

HP monitors compliance with its policies through:

  • Customer and employee feedback submitted online, by post or by phone
  • HP privacy team compliance reviews and assessments
  • Privacy audits conducted within HP and with our suppliers

By contract, all suppliers and third-party vendors worldwide who handle HP customer and employee personal data must do so in accordance with applicable portions of HP's privacy policies and contractual requirements supporting those policies.

Privacy and our products and services

HP's Design for Privacy program provides guidance in incorporating privacy features into products to build trust with consumers and help corporate customers comply with privacy regulations. For example, our Privacy Office and product research and development groups have collaborated to evaluate impacts and implementation of technologies such as RFID (radio frequency identification) in high-volume consumer products such as cameras or printers. The collaboration resulted in product design and supply chain management that ensures a user's privacy. Our new companywide privacy product development standard will be deployed by April 2008.

External policy development

In 2007, HP was involved in several areas of public policy relating to privacy and data protection:

  • We worked to advance the development of unified U.S. privacy law through the Consumer Privacy Legislative Forum.
  • We actively participated in the Asia Pacific Economic Cooperative's (APEC) Electronic Commerce Steering Group to help advance accountability and create a framework for developing cross-border privacy rules relevant to the Asia Pacific and Japan region.
  • We were invited by the Chinese Academy of Social Science's Institute of Law to participate in a series of symposia that may help to develop the Chinese government's personal data legislation. We plan to continue our participation.
  • We worked closely with the Center for Information Policy Leadership to help influence emerging privacy policy in key markets.
  • We actively participated in numerous industry forums, including RFID and anti-spyware coalitions.
  • We met with government officials and regulators in all regions to understand their concerns and initiatives and to help them fully appreciate the potential implications for privacy of new technologies, including behavioral targeting, RFID, spyware and emerging technologies like our Memory Spot chip. This tiny device makes it possible to attach digital information to almost any surface.

 

 
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.