Privacy issues set a challenging pace
- 17 September, 2003 08:00
While the world's biggest IT merger, the HP and Compaq, attracted plenty of media attention there were no headlines about the mundane, behind-the-scenes work of the mammoth task of transferring customer data.
Hewlett-Packard's chief privacy officer Barbara Lawler was given the job of housing customer data under one jurisdiction in a $6.5 million project that had a tight six-month timeframe.
Known as the Data Transfer Notification project, Lawler said the data had to be transferred "lawfully" and to ensure information met privacy and security requirements.
She said the challenge was identifying customer databases and maintaining data quality during a major transition process.
More than five million Compaq customers were contacted worldwide in less than six months.
Miraculously, Lawler said, the project was completed in less than six months and well under budget with only $450,000 spent.
She said IT managers should be actively involved in the implementation of the organisation's privacy policies and would be "concerned" to find a company where the IT manager was not playing a leading role.
Speaking at the 25th International Conference of Data Protection and Privacy Commissioners in Sydney last week, Lawler said embedding a culture of privacy within an organisation is an attitude that can enhance the value of a company's brand, but admitted that a privacy challenge for all organisations "is keeping pace with overlapping and conflicting global, regional or local data protection requirements". Lawler said organisations should take into account the business drivers for promoting privacy, which includes minimising the risk of compliance breach or regulatory investigations and costs.
"Completing HP-Compaq merger activities plus responding to new corporate governance and data protection regulations creates an increasingly complex environment in which to manage privacy," Lawler said.
Despite maintaining an estimated 65 million customer records, HP receives "virtually no" requests for personal data information but each month the company receives about 250 requests to opt-out of e-mail marketing services which are handled within 48 hours.