Transforming IT Blog
Join us in the Transforming IT HP Blog where we will discuss reinventing IT to overcome obstacles and take advantage of Instant on Enterprise opportunities.

Privacy please: the growing challenge of protecting private information

Mark Colaluca is the Vice President of the Global Support Delivery (GSD) Americas Organization, which includes the Brazil, Canada, Mexico, and MCA (Multi-Country Area), and the United States, within HP’s Technology Services (TS) business unit. The GSD Americas team delivers support services to HP customers, supporting warranty, break/fix, Proactive and Datacenter Care services, while maintaining high quality and Total Customer Experience (TCE) standards. Since joining HP in 1984, Mark has held numerous management and executive positions within customer support services and supply chain operations. Prior to HP, Mark served in the United States Air Force. Mark currently lives in Dallas, Texas.

Protecting the privacy of sensitive information used to be hard enough. Even though your organization installed the best IT security applications and conducted extensive training to create a high-security environment that protected it from external threats, all it took was for one employee to send one fax to a machine in a public or even semi-public area.  Suddenly, you were out of compliance with HIPAA/HITECH or one of the many other regulations that now deal with data privacy. If the violation was willful, your organization also faced civil and/or criminal penalties. The same could happen if someone carelessly disposed of any technology asset (printer, PC, laptop, etc.) with built-in memory that stored private information.  

Now, new approaches like the Cloud and Bring Your Own Device (BYOD) have made the dissemination of information even more difficult to control and compliance with privacy regulations even harder to achieve. So how do you respond?

There’s no app for that
Most security threats can be defused with the use of commercially-available security programs and occasional training, e.g., don’t open attachments in emails from unknown senders. Privacy requires a more holistic approach that addresses technology, processes and people. This is where HP Technology Services (TS) can help.  

TS knows how to help you best utilize the privacy-sustaining characteristics of HP products and has a portfolio of Data Privacy services designed to keep sensitive information private throughout the lifecycle of each technology asset. The portfolio includes defective media retention, data sanitization, and asset recovery services to assist businesses and government entities maintain an auditable chain of custody in the maintenance, reuse, and retirement of IT equipment. Recently, HP TS launched two services that can expand an organization’s ability to keep private information private.  

  • HP Onsite Media Sanitization service provides regularly-scheduled visits to sanitize loose media, enabling organizations like yours to return or dispose of drives with the assurance that sensitive data has been removed and cannot be retrieved
  • HP Data Sanitization for Servers extends these sanitization capabilities by offering onsite sanitization of drives attached to servers  


Keeping Cloud and BYOD under control
HP Technology Services also offers expert consulting to help optimize privacy in cloud implementations. These services can leverage the privacy knowledge that HP has in cloud services from our extensive involvement in the Cloud Security Alliance and our own experience in using cloud services internally and as HP commercial offerings. HP TS has also established basic ground rules to promote privacy with the use of BYOD. These involve restricting data on certain platforms, creating a company-specific BYOD policy and providing data storage in the cloud, rather than within individual devices. We can help organizations define and implement these ground rules in a way that allows them to make optimum use of BYOD, while also protecting the privacy of sensitive information.

A special focus on HIPAA
HIPAA/HITECH impacts HP customers who are Covered Entities under HIPAA. They, in turn, require HP to sign Business Associate Agreements (BAA). HP employees dealing with these Covered Entities must undergo mandatory training through the HP HIPAA Compliance Program. HP TS is fully aware of HIPAA requirements and can help you achieve compliance with a combination of proven products and approaches.  

Risky business
The complexity associated with maintaining compliance with HIPAA/HITECH and other privacy regulations has never been greater. Neither have the risks and potential costs associated with non-compliance. However, the expertise and tools available from organizations like HP Technology Services to achieve compliance have evolved to allow any organization to create an effective and tailored response to even the toughest privacy challenges.

- Mark Colaluca

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the community guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
About the Author


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation