HP 2015 Sustainability Report

Introduction

Environment

Society

Integrity

About this report

HP’s commitment to privacy: • We only collect personal information to support reasonable business requirements, and do not sell, rent, or lease the information that we collect. • We give people notice and choice about the type of personal information we collect and its intended uses, and we don’t use that information for other purposes. • We strive to ensure that all applicable personal information is accurate, complete, and current, and we give people reasonable access so they can review and correct it, as needed. • We protect personal information against unauthorized use or disclosure, and apply additional protection for sensitive data. • We don’t transfer personal information to others unless they promise to give the data the equivalent level of protection that HP provides. • We address complaints or disputes regarding personal information promptly and courteously. We are committed to safeguarding the data we collect, analyze, store, transfer, and pro- cess. Strong global privacy controls and standards are supported and enabled through robust data security. The HP Privacy Accountability Framework is our company-wide approach for assessing and managing risks associated with collecting and handling personal data. The Frame- work goes beyond minimum legal requirements, ensures transparent practices, and takes into account our company values, ethical considerations, contractual agreements, and local cultures. Privacy training is a key part of our mandatory Standards of Business Conduct (SBC) annual refresher course, completed by 99.97% of active employees in 2015. Rigorous policies and procedures ensure that employees protect and maintain the personal data we hold or process. Data security In information technology, strong data security and privacy go hand in hand. Our Cyber- security Office provides and maintains the guidance, governance, processes, resources, and vendor relationships necessary to protect customer and employee information from unwanted access, security threats, and cyberattacks.  In the event of an incident, our Cybersecurity Office also oversees the incident response processes to address and resolve such incidents as swiftly as possible. Our Privacy Office provides clear guidance as to the types of personally identifiable information for which HP has an obligation to ensure a right to privacy.  Our Cybersecurity Office defines the controls necessary to provide this type of protection, and our IT partners and vendors deliver the technology necessary to support these aims. This strong focus on security underpins our ability to uphold our commitment to privacy. Strategy, standards, and engagement

122 HP 2015 Sustainability Report

www.hp.com/sustainability