HP 2015 Sustainability Report

Introduction

Environment

Society

Integrity

About this report

Customer privacy through the separation HP is committed to upholding transparency and choice for our customers worldwide. During 2015, Hewlett-Packard Company confirmed the confidence of its customers through a vast undertaking to communicate directly with every customer about their pri- vacy rights during the company separation. As Hewlett-Packard Company separated into two companies and prepared to transfer existing customer data from one company to two, it notified customers of its intent to separate and affirmed that they would receive the same level of protection at each com- pany. Customers also received the choice to “opt out” of having their data transferred during the separation process. Notifications were sent to 38 million Hewlett-Packard Company customers and less than 1% of those opted out of their information being retained by either company. Global compliance in privacy HP invests significant resources in managing privacy risks across the company. We mon- itor compliance with applicable privacy laws and our own privacy policies and processes through ongoing internal reviews. All relevant business units are required to follow HP privacy policies and develop remediation plans when problems arise. The HP Privacy and Data Protection Board (PDPB), consisting of executive representatives from across our business units and functions, is designed to oversee these compliance efforts, assess risks annually, and design and lead mitigation strategies. In developing HP’s privacy policies and standards, we consider the major principles and frameworks in place around the world. These include the Organization for Economic Cooperation and Development (OECD) Guidelines on the Protection of Privacy and Trans- border Flows, the EU Directive 95/46/EC, the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, and the Madrid Resolution on International Privacy Standards. We also monitor development of new regulatory instruments, such as the pending EU General Data Protection Regulation, for which HP has begun the compliance preparation process. HP tracks the number of substantiated complaints of third parties about customer priva- cy and data, as shown in the table.

Number of substantiated complaints regarding breaches of customer privacy and losses of customer data at Hewlett-Packard Company, 2013–2015*

2013

2014

2015

Substantiated complaints from outside parties (including customers)

0

6 **

2

Substantiated complaints from regulatory or other official bodies

0

0

0

* Breaches of customer privacy cover any noncompliance with existing legal regulations and voluntary standards regarding the protection of customer privacy related to data for which HP is the data controller. Substantiated complaints are written statements by regulatory or similar official bodies addressed to the organization that identify breaches of customer privacy, or complaints lodged with the organization that have been recognized as legitimate by the organization. ** In two separate incidents emails containing nonsensitive data were sent to a number of recipients in error and several customers reported this to Hewlett-Packard Company. These multiple notifications have been treated as one complaint for the purposes of this report.

123 HP 2015 Sustainability Report

www.hp.com/sustainability