I know HP to be a company that values privacy enormously. They have a full contingent of privacy professionals distributed around the world - many of whom are Certified Information Privacy Professionals. These dedicated privacy teams have implemented policies and procedures to ensure that business operations function using best-in-class standards. HP's reputation for its consumer privacy practices is reflected in the recognition the company received earlier this year from TRUSTe and The Ponemon Institute, which awarded HP with The Most Trusted Company for Privacy Award.
After the criminal charges against the former board chairwoman and four others were announced earlier this month, California Attorney General Bill Lockyer noted the company's longstanding record for ethics and professionalism, referring to HP as "one of our state's most venerable institutions." He went on to say that in an effort to plug boardroom leaks, "people inside and outside HP violated privacy rights and broke state law."
We can't know for sometime whether prosecutors will ultimately prove their case in the face of vows of vigorous defenses. However, what is clear at this juncture is that the HP pretexting scandal - which has embroiled the HP Board of Directors and executive team - is a stark reminder that privacy needs to be pushed below, across and above the Chief Privacy Officer. The HP case is an indicator that some boards of directors and other members of the executive suite may not have the right sensitivities regarding when a privacy issue does, or does not, emerge. It also should serve as a cautionary tale: The value of privacy is not just in the CPO, but in the very DNA of the organization. Simply put, privacy must be a part of the entire organization.
Pundits, privacy experts and others are anticipating that the HP case will have lasting impacts. While it is too early to know whether the scandal will propel passage of privacy legislation or unleash widespread revisions of best practices related to workplace privacy, we know that as privacy professionals, we must effectively, forcefully and successfully prevail on the tenet that privacy must be engrained in our organizations' corporate cultures - throughout every part of the organizational chart.
J. Trevor Hughes, CIPP
Executive Director, IAPP