Privacy at HP

Oct. 2005 -- Information technology makes our lives simpler and faster. But at what price? Is someone spying on you - online? Has your computer been hacked?  Do you receive too many unsolicited emails? Is your personal information being collected and sold for profit by companies without your knowledge or permission?

The European Union Charter of Fundamental Rights defines privacy as a human right. HP's definition of privacy includes the all-important right to determine how your information is used.

With security breaches, spamming concerns and online fraud on the rise, consumers, businesses and government organizations are growing more concerned about protecting individuals' privacy.

EU Online surveys showed that virtually two-thirds (64%) of EU citizens(1) said they were worried about leaving personal information, such as their name, address, or date of birth on the Internet and 69% of customers are afraid their personal data could be misused when they buy online(2).

Rather than simply complying with privacy laws and regulations, HP has helped set industry standards for protecting data and has been recognized as a leader and model for other companies. HP was one of the first global companies to join Safe Harbor, a data protection agreement between the European Union and the US governments enabling the safe and legal transfer of personal data in line with EU data protection legislation.

In Jan. 2005, TRUSTe, the leading US online Privacy non-profit organization, and the Ponemon Institute, also based in the US, honored HP with "The Most Trusted Company for Privacy" Award.

After a review of 50 eligible American companies that topped the list in a consumer-focused study, HP was recognised for establishing and enforcing progressive privacy practices that build a high level of consumer trust.

Moreover, it is just good business sense; dealing correctly and honestly with privacy matters can pay off in terms of customer satisfaction and business opportunities. HP's privacy policies made a direct contribution to more than $700 million in contract wins in 2004.

"Making privacy a strategic priority creates a reputation in the marketplace that cascades to our customers and their preference to buy HP products," says Barb Lawler, HP's chief privacy officer.

Conversely, worries about poor protections of personal data can hurt business.

 

HP is expanding privacy on two fronts. HP labs are developing new privacy-related applications and Customer Support is offering a suite of online privacy services to better serve global customers.

A team of HP researchers is developing new technology that will help empower HP customers to exercise their privacy rights. "What we mean by privacy is the ability of individuals to retain control over their personal information," says Pete Bramhall, who manages privacy and identity research at HP Bristol Labs in the UK.

The HP Labs team is dedicated to building systems with stronger protections for personal data - how it's accessed, processed, managed, transferred and eventually deleted.

HP is acting both on its own initiative and as a member of the PRIME (Privacy and Identity Management for Europe) consortium. PRIME is a four-year effort, partly funded by the European Union focused on the research and development of solutions for people to better manage their cyberspace privacy.         

Managing privacy is an incredibly complex task. Enterprises store vast amounts of personal data about their customers, their employees and their partners.

The researchers in HP Labs Bristol are developing solutions that perform three key tasks involved in handling private information:

·        Access control -- a common approach to enforcing an enterprise's privacy policies, as well as the preferences that customers and/or employees have regarding access to personal data.

·        Obligation management -- automating a consistent approach to handling personal information according to government regulations, corporate policies and individuals' preferences.

·        Evaluating the trustworthiness of a corporation's data-processing applications, services, hardware and software platforms, and networks.

HP's Customer Support operation in Ireland has developed an innovative service - Web Governance - that enhances online privacy.

In fact, it is a comprehensive set of tools used to remotely scan and monitor customers' Web sites, to carry out detailed analysis and deliver recommendations for corrective actions. As part of the service, two internal privacy tools have been commercialised. 

The privacy impact assessment tool gives enterprises the ability to assess potential privacy issues early in the development process when they can be readily managed. The Privacy Rulebook and Reference Guide helps an organisation to manage global risks and build privacy into its business processes.

Companies need to continuously monitor, analyse and manage their Web sites to be confident of adherence to government laws, regulations and corporate standards for privacy.

Because of the dynamic nature and the sheer size of Web sites, trying to achieve this manually is no longer a feasible option. “The Web Governance service provides an automatic solution to assist global companies manage online privacy risks,” says Vincent Kelly, the Web Governance program manager.

HP researchers will continue to develop the technology that makes it easier and simpler for companies and governments to design products and services that protect individual privacy.

They will also be working with industry and university partners to standardise the languages used to express policies for privacy-enhanced access control.

"Our goal is nothing less than universal participation by citizens and consumers in the digital society and economy," says Bramhall.

(1)September 2003 Eurobarometer survey #196.

(2)September 2002 Questionnaire on implementation of EU directive 95/46.