At PC World, we're product people; corporate intrigue is not normally our beat. So even though HP is unquestionably one of the most important companies in the small-w PC world, I haven't blogged until now about the bizarre, fascinating melodrama that's unfolding at that company. (If you haven't heard, a subcontractor in HP's investigation of boardroom leaks got access to the phone records of company board members and reporters by posing as the people involved, using a technique known as "pretexting.")
This is far from the first privacy breach involving a major technology company--just ask AOL--but it may be the weirdest. The data involved wasn't stuff that HP already had, and the people whose privacy was violated were not customers but HP's own board members and reporters at CNET NEWS.com, the Wall Street Journal, BusinessWeek, and (Today, CBS News is reporting that the phone records of the father of Stephen Shankland, one of the CNET reporters, were also involved. Essentially, private gumshoes working on behalf of HP were engaged in a form of identity theft against a handful of people.
So should anyone who's not a member of the HP board, a reporter on the HP board, or the relative of such a reporter pay attention to this story? I think so, and here's why: In this digital age, doing business with a company means, almost by definition, that you're entrusting it with sensitive personal information. Evidence that a company takes privacy seriously is a strong argument for becoming its customer; signs that it doesn't are reason to proceed with caution.
This is anything but a brilliant insight on my part--actually, the sizable privacy section in HP's own "Global Citizenship Report" makes the point itself. And to be fair to HP, there's every indication that the pretexting scandal is an unfortunate, inexplicable aberration at a company that's committed to being a leader when it comes to privacy issues. (Hewlett-Packard has won a number of privacy-related awards, including one in 2005 from our sister publication, Computerworld.)
In the wake of this privacy fiasco, the most reassuring thing for HP customers--or at least this HP customer--would be if the company admitted it screwed up badly--no excuses--and that what happened was a basic violation of the trust that a very large number of HP employees have worked very hard to earn over a very long time.
So far, the actions and comments of HP Chairman Patricia Dunn, who sits at the center of the scandal, haven't exactly suggested that she gets this. First of all, when HP board member Tom Perkins resigned in disgust over the investigation in May, the reason for his actions remained secret; it's unclear when Dunn learned that the pretexting happened as part of the investigation, but the most charitable explanation for HP not disclosing the pretexting as soon as Dunn knew about it would be to assume she didn't realize it was a big, big deal.
Dunn has said she didn't know what was going on. (How did she think the investigators had gotten ahold of other people's phone records?) She's called the pretexting "absolutely appalling" and "embarrassing". (I'll say.) She's said "there were things not done particularly well..." and that there "it looks like there was sloppy work along the way". (Yep.) And she's said she's going to apologize to the reporters whose identities were stolen by HP's investigators. (You think?)
What she hasn't seem to have done is to take responsibility for the privacy violations committed as part of her leak investigation--in fact, she told the New York Times that the current controversy is a "brouhaha" for which board member Perkins is to blame. And an HP filing with the SEC said that the company was under the belief that pretexting "was not generally unlawful," as if that meant that it was acceptable to pose as someone else to gain access to their personal data. (California's Attorney General seems to have a slight disagreement with the notion that no laws were broken.)
Whether Patricia Dunn survives all this is yet to be seen--HP's board is apparently holding an emergency phone conference this weekend to review the situation. I'm not here to angrily demand her ouster; like I said, I'm a product guy.
But whether she stays or goes, an humble apology from the company to the millions of people who entrust it to be a scrupulous steward of their data is in order...and would help reaffirm that HP's longstanding policies rather than Dunn's recent maneuvers reflect its real attitude on privacy.