Transforming IT
Showing results for 
Search instead for 
Did you mean: 

Privacy please: the growing challenge of protecting private information


Mark Colaluca is the Vice President of the Global Support Delivery (GSD) Americas Organization, which includes the Brazil, Canada, Mexico, and MCA (Multi-Country Area), and the United States, within HP’s Technology Services (TS) business unit. The GSD Americas team delivers support services to HP customers, supporting warranty, break/fix, Proactive and Datacenter Care services, while maintaining high quality and Total Customer Experience (TCE) standards. Since joining HP in 1984, Mark has held numerous management and executive positions within customer support services and supply chain operations. Prior to HP, Mark served in the United States Air Force. Mark currently lives in Dallas, Texas.

Protecting the privacy of sensitive information used to be hard enough. Even though your organization installed the best IT security applications and conducted extensive training to create a high-security environment that protected it from external threats, all it took was for one employee to send one fax to a machine in a public or even semi-public area.  Suddenly, you were out of compliance with HIPAA/HITECH or one of the many other regulations that now deal with data privacy. If the violation was willful, your organization also faced civil and/or criminal penalties. The same could happen if someone carelessly disposed of any technology asset (printer, PC, laptop, etc.) with built-in memory that stored private information.  

Now, new approaches like the Cloud and Bring Your Own Device (BYOD) have made the dissemination of information even more difficult to control and compliance with privacy regulations even harder to achieve. So how do you respond?

There’s no app for that
Most security threats can be defused with the use of commercially-available security programs and occasional training, e.g., don’t open attachments in emails from unknown senders. Privacy requires a more holistic approach that addresses technology, processes and people. This is where HP Technology Services (TS) can help.  

TS knows how to help you best utilize the privacy-sustaining characteristics of HP products and has a portfolio of Data Privacy services designed to keep sensitive information private throughout the lifecycle of each technology asset. The portfolio includes defective media retention, data sanitization, and asset recovery services to assist businesses and government entities maintain an auditable chain of custody in the maintenance, reuse, and retirement of IT equipment. Recently, HP TS launched two services that can expand an organization’s ability to keep private information private.  

  • HP Onsite Media Sanitization service provides regularly-scheduled visits to sanitize loose media, enabling organizations like yours to return or dispose of drives with the assurance that sensitive data has been removed and cannot be retrieved
  • HP Data Sanitization for Servers extends these sanitization capabilities by offering onsite sanitization of drives attached to servers  

Keeping Cloud and BYOD under control
HP Technology Services also offers expert consulting to help optimize privacy in cloud implementations. These services can leverage the privacy knowledge that HP has in cloud services from our extensive involvement in the Cloud Security Alliance and our own experience in using cloud services internally and as HP commercial offerings. HP TS has also established basic ground rules to promote privacy with the use of BYOD. These involve restricting data on certain platforms, creating a company-specific BYOD policy and providing data storage in the cloud, rather than within individual devices. We can help organizations define and implement these ground rules in a way that allows them to make optimum use of BYOD, while also protecting the privacy of sensitive information.

A special focus on HIPAA
HIPAA/HITECH impacts HP customers who are Covered Entities under HIPAA. They, in turn, require HP to sign Business Associate Agreements (BAA). HP employees dealing with these Covered Entities must undergo mandatory training through the HP HIPAA Compliance Program. HP TS is fully aware of HIPAA requirements and can help you achieve compliance with a combination of proven products and approaches.  

Risky business
The complexity associated with maintaining compliance with HIPAA/HITECH and other privacy regulations has never been greater. Neither have the risks and potential costs associated with non-compliance. However, the expertise and tools available from organizations like HP Technology Services to achieve compliance have evolved to allow any organization to create an effective and tailored response to even the toughest privacy challenges.

- Mark Colaluca

0 Kudos
About the Author


28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
HPE at Worldwide IT Conferences and Events -  2017
Learn about IT conferences and events  where Hewlett Packard Enterprise has a presence
Read more
View all