Scott Taylor was named Chief Privacy Officer last year, with responsibility for HP’s global data protection and privacy strategy and standards. Since the recent investigations into leaks of information from the Board of Directors, this role carries extended responsibilities ensuring that HP’s approach to privacy determines the way employee and customer data is handled throughout the organisation. We talked to him about HP’s approach to Privacy and his role.

Q: What is HP’s definition of Privacy?

ST: Our approach to Privacy is based on the principles of the EU Directive, which is one of the strictest pieces of framework legislation on Privacy and Data Protection in the world. At HP, Privacy is one of the key pillars of HP’s Global Citizenship strategy. And our policies are built on the values articulated in our Standards of Business Conduct.
We see Privacy as a fundamental human right, which includes the right to be left alone, the right to have personal information treated confidentially and the right to determine how personal information is used. Respect for an individual’s privacy and the protection of individual or business data is fundamental to our culture and we see it as an important way to distinguish ourselves as an industry leader. That does not mean that we cannot use data robustly to create value for our customers – it simply means we are committed to the responsible use of that data – in a fashion that is consistent with the expectations of our customers.

Q: Can you explain what your role involves?

ST: The Chief Privacy Officer and the extended Privacy team have global responsibility for HP’s Privacy policy and practices as well as ensuring the appropriate use of information throughout the organisation. We work across our functions and business groups to uphold our policies and standards, which go beyond what is required by legislation in most countries.
In terms of what I and my team do, it includes monitoring, consulting and compliance activities, but training and communication is gaining in importance. It used to be fairly straightforward to identify employees who were dealing with sensitive data and ensure they knew our policies, practices and when to consult with us directly. But I would argue that this is changing due to new technologies and a larger, more distributed organisation. Education and simple protocols are critical in ensuring that every employee around the company that is managing and handling personal information understands the appropriate philosophies, policies and practices.

Q: What can customers expect from HP in terms of data protection and privacy?

ST: Our privacy policy is based on the principles of notice and choice, access, accuracy, security, transparency and accountability, and HP implements these principles through robust standards. Assurance happens through internal audits, manual compliance processes and by participating in programmes such as Safe Harbor or BBB Online which provide external validation.

Q: How does HP ensure data protection?

ST: A critical part of what the Privacy team does is about ensuring that everybody at HP understands our philosophies and policies for Privacy – and that they follow our guidelines and processes when dealing with personal data. To help our workforce in interpreting our policies, the Privacy team has developed a “rule book” that summarises our implementation standards very explicitly, so different parts of the organisation, including marketing, sales, support and product development have clear guidelines and best practices to reference. And when the rule book does not provide the necessary clarity or guidance, there are named Privacy experts for every area that can be consulted.
HP has a Global Master Privacy Policy and three more specific policies that relate to employees, customers and our online/email interactions with customers and prospects. The Global Master sets the overall tone and principles for privacy at HP and the three subordinate policies allow us to specifically address the differing external requirements and expectations of the individuals covered.
Another important component of ensuring privacy and data protection is in our contracts with partners and third-parties. We work closely with our legal counsel on standard contractual clauses to protect HP and uphold our high standards for privacy and data protection.

Q: What data protection standards does HP enforce?

ST: Data protection and privacy is highly regulated in the EU, parts of Asia Pacific and parts of the Americas. In these situations we always strive to adhere to and, where possible, exceed data protection standards set by legislation. In those areas we actively promote an open and mutually beneficial dialogue with the authorities and local stakeholders. This is essential to ensure the most appropriate set-up to comply with regulations is in place and is aligned with our policies and values and efficiently supports HP businesses’ growth.
In countries where there is less regulation or clarity on data protection, we also work closely with data protection authorities, government regulators and industry bodies that promote responsible, self-regulated industry standards.
We are a member of Safe Harbor, a programme developed by the US Department of Commerce in response to EU data protection laws to ensure US companies meet EU requirements. We also subscribe to the BBB Online seal standard. In fact, HP was a founding sponsor of BBB Online and we were the first large US company to participate in Safe Harbor.

Q: What do you consider to be the key trends that will shape HP’s privacy and data protection policies going forward?

ST: One of the most important trends is that consumers themselves are becoming much more concerned about privacy and expect their data to be handled securely and in a responsible manner. From the beginning of our Privacy activities in HP we always considered that privacy was first and foremost a customer benefit and a customer expectation rather than just considering it to be a compliance requirement. We believe this trend will increase in the next years to become one of the main enablers of the Information society business.
In addition, our customers are citizens of specific nation states that enforce their own rules and regulations about privacy. As a multi-national company, we need to join forces with consumer advocacy groups, NGOs, government agencies and the private sector to set standards that satisfy a range of different requirements. We cannot set these standards in isolation; these solutions need to be developed collectively.
Beyond advocating international standards on privacy, we also continue to work on developing our own company’s standards further. Right now we are working on what we call the Privacy Accountability Model. This model envisages that ethics and values will become crucial factors in all our decision-making processes.