HP 2015 Sustainability Report

Introduction

Environment

Society

Integrity

About this report

Contacting our Privacy Office We greatly value our customers’ opinions and encourage them to contact our Privacy Office with any concerns about how we collect and use their data, or questions and comments about our HP Privacy Statement or the HP Global Master Privacy Policy . We respond to customers and resolve complaints in a timely and appropriate way. Code of ethics for big data The rapid evolution in global data collection and analysis brings many benefits to con- sumers, business, and society. “Big data” are the vast informational inputs that business and governments analyze to draw correlations, produce insights, and inform strategy. As HP increasingly moves into service-based business models and designs solutions to meet the needs of the “internet of things,” we must understand how to analyze and process this type and volume of data in an ethically compliant way. To protect individual rights, big data collection and use must be governed in a legal, fair, and just way based on ethical considerations. Under the leadership of the Information Accountability Foundation (IAF), HP works closely with regulators, other companies, and the privacy community to develop and champion The Big Data Ethical Framework Initia- tive. This groundbreaking collaboration creates practical tools to guide companies and other organizations in how they collect, analyze, and use big data, and will help guide our approach moving forward. In 2015, Hewlett-Packard Company continued to collaborate with IAF on the project. Regulatory engagement on privacy Our privacy and government relations teams work with governments around the world to support robust and globally interoperable privacy regulations. Our objective is to reform outdated and fragmented privacy laws and regulations that have not kept pace with technology advances. We advocate for accountability-based requirements for both the public and private sectors to enhance data protection. As a global company, we collect information from customers worldwide, but our IT processing capabilities are centralized. The secure movement of data is essential to our business, and we advocate for mechanisms that enable us to easily and securely move data while maintaining privacy standards. We encourage any cybersecurity legislation and regulations to be voluntary and nonprescriptive, align with global standards, and not require disclosure of intellectual property in exchange for compliance certification. We also discourage geographic restrictions and country-specific technical standards as part of cybersecurity policies. Europe : In October 2015, the European Court of Justice (ECJ) struck down the EU-U.S. Safe Harbor, an international agreement regulating how U.S. companies export and handle the personal data of European citizens. The ruling affects thousands of companies that must now rely on alternative legal mechanisms to securely move data across the Atlantic. Due to the strength of HP’s internal frameworks and accountability mechanisms for privacy, the impact of the ECJ’s decision on HP has been minimal. Prior to the decision, Hewlett-Packard Company had prenegotiated binding corporate rules (BCRs) with the EU and model contractual clauses with clients, allowing us to continue to move the data we control with minimal disruption. By proactively achieving the regulatory certification, the company maintained its ability to operate in strategic markets. HP remains among less than 90 companies worldwide recognized by EU data protection authorities for our binding corporate rules.

124 HP 2015 Sustainability Report

www.hp.com/sustainability