PC World: Technology Advice You Can Trust
Techlog
News, opinion, and links from Editor in Chief Harry McCracken.
Saturday, September 09, 2006 3:21 PM PT Posted by Harry McCracken

HP's Privacy Fiasco

At PC World, we're product people; corporate intrigue is not normally our beat. So even though HP is unquestionably one of the most important companies in the small-w PC world, I haven't blogged until now about the bizarre, fascinating melodrama that's unfolding at that company. (If you haven't heard, a subcontractor in HP's investigation of boardroom leaks got access to the phone records of company board members and reporters by posing as the people involved, using a technique known as "pretexting.")

This is far from the first privacy breach involving a major technology company--just ask AOL--but it may be the weirdest. The data involved wasn't stuff that HP already had, and the people whose privacy was violated were not customers but HP's own board members and reporters at CNET NEWS.com, the Wall Street Journal, BusinessWeek, and (Today, CBS News is reporting that the phone records of the father of Stephen Shankland, one of the CNET reporters, were also involved.) Essentially, private gumshoes working on behalf of HP were engaged in a form of identity theft against a handful of people.

So should anyone who's not a member of the HP board, a reporter on the HP board, or the relative of such a reporter pay attention to this story? I think so, and here's why: In this digital age, doing business with a company means, almost by definition, that you're entrusting it with sensitive personal information. Evidence that a company takes privacy seriously is a strong argument for becoming its customer; signs that it doesn't are reason to proceed with caution.

This is anything but a brilliant insight on my part--actually, the sizable privacy section in HP's own "Global Citizenship Report" makes the point itself. And to be fair to HP, there's every indication that the pretexting scandal is an unfortunate, inexplicable aberration at a company that's committed to being a leader when it comes to privacy issues. (Hewlett-Packard has won a number of privacy-related awards, including one in 2005 from our sister publication, Computerworld.)

In the wake of this privacy fiasco, the most reassuring thing for HP customers--or at least this HP customer--would be if the company admitted it screwed up badly--no excuses--and that what happened was a basic violation of the trust that a very large number of HP employees have worked very hard to earn over a very long time.

So far, the actions and comments of HP Chairman Patricia Dunn, who sits at the center of the scandal, haven't exactly suggested that she gets this. First of all, when HP board member Tom Perkins resigned in disgust over the investigation in May, the reason for his actions remained secret; it's unclear when Dunn learned that the pretexting happened as part of the investigation, but the most charitable explanation for HP not disclosing the pretexting as soon as Dunn knew about it would be to assume she didn't realize it was a big, big deal.

Dunn has said she didn't know what was going on. (How did she think the investigators had gotten ahold of other people's phone records?) She's called the pretexting "absolutely appalling" and "embarrassing". (I'll say.) She's said "there were things not done particularly well..." and that "it looks like there was sloppy work along the way". (Yep.) And she's said she's going to apologize to the reporters whose identities were stolen by HP's investigators. (You think?)

What she doesn't seem to have done is to take responsibility for the privacy violations committed as part of her leak investigation--in fact, she told the New York Times that the current controversy is a "brouhaha" for which board member Perkins is to blame. And an HP filing with the SEC said that the company was under the belief that pretexting "was not generally unlawful," as if that meant that it was acceptable to pose as someone else to gain access to their personal data. (California's Attorney General seems to have a slight disagreement with the notion that no laws were broken.)

Whether Patricia Dunn survives all this is yet to be seen--HP's board is apparently holding an emergency phone conference this weekend to review the situation. I'm not here to angrily demand her ouster; like I said, I'm a product guy.

But whether she stays or goes, a humble apology from the company to the millions of people who entrust it to be a scrupulous steward of their data is in order...and would help reaffirm that HP's longstanding policies rather than Dunn's recent maneuvers reflect its real attitude on privacy.
Comments

It is Federal law that no one can pretext for medical or banking information but everything else is up for grabs unless your state (like California) outlaws a particular practice which most don't. This is a consequence of technology being ahead of law. Private Investigators have been doing it for years (think divorces and scofflaw debtors). It has just become a lot easier with the Internet. It IS despicable but until we talk to our Congress people and/or our state legislators it is only going to get worse.

SamuelBell
September 11, 2006
3:43 PM PT

This is an unfortunate incident. As a recent MBA graduate I must adhere to the concepts of corporate ethics, regardless of the need of implementing a complete internal auditing project. She made the mistake of undermining her entire board. The reason that the board wanted her to stay was probably to ensure that she does not have any information on them.

This should not affect HP's earnings although it might deter certain talented engineers, consultants and executives from joining Hewlett Packard. Headhunters will probably have a difficult time convincing their clients that HP is the place to be.

HP is not at fault in this situation. Depending on the contractual agreement that was made with the PI company it must have been arranged that the liability was not with HP. They can always say that they were not aware as to the methods that were to be used in order to ensure that these members were not divulging corporate information.

What is most unfortunate about this is that she was caught.

Don't do the crime if you can't do the time! Don't do it!

guest0050
September 18, 2006
9:12 PM PT
