Contents Sustainable Impact Footprint Integrity and human rights Supply chain responsibility Operations Products and solutions Appendix Privacy HP recognizes the fundamental importance meet the requirements of changing regulations that provide additional topic- and role-based cybersecurity, legal, and communications— of privacy, security, and data protection to our and evolving circumstances. This includes training opportunities. manages and communicates about the breach, employees, customers, and partners worldwide. implementing enhanced internal policies and including any commercial or legal obligations to This is a critical pillar of brand trust and procedures to address our obligations as a Throughout the year, several regulatory changes notify customers. increasingly a source of competitive advantage data controller and processor, and to ensure influenced adjustments to our privacy program, in an era of accelerated innovation, global data that data subject rights are respected. including requirements from the United States In 2021, we saw a notable increase of data rights proliferation, and fast-changing regulatory and China that increased emphasis on consent requests to HP. We believe this was caused by frameworks. We build privacy, security, and data • Our privacy accountability and compliance and individual data rights. In addition, as we greater user awareness and empowerment in protection into the design and development of our framework outlines our procedures and continue our digital transformation journey, exercising rights as provided by law. See data. products, services, and operations. We strive to organizational controls for assessing and personal data governance is more critical to provide protections that exceed legal minimums managing risks associated with collecting our business. To address these business and across all our operations, and to deploy and handling personal data. It’s based on regulatory changes, we have launched a plan to Global standards and consistent, rigorous policies and procedures to requirements for accountability as defined by further enhance our privacy capabilities in data international data transfers give our customers, employees, and partners global laws and regulations. environments and user experiences. We are also confidence when sharing information with us and • Our Data Protection Officer, together with HP’s shifting our third-party privacy risk assessments The secure movement of data is essential to our using our products and services. Privacy and Data Protection team, provides approach from a questionnaire-based process to business. As legislation continues to evolve, our oversight and leadership for compliance, one based on evidence, through recognized and privacy and government relations teams work See our Privacy website for additional information. working closely with appointed privacy leads in independent privacy certifications. To simplify with governments worldwide to develop robust business teams throughout the company. the demonstration of privacy capabilities across and globally interoperable privacy and data • HP’s Health Insurance Portability and global supply chains, we are embarking on this transfer frameworks. Learn more. Approach Accountability Act (HIPAA) Compliance shift together with other companies. Office oversees compliance with HIPAA laws HP relies on lawful mechanisms for data transfer Our rigorous policies and standards are designed where they are triggered by our commercial to drive accountability across the organization. to keep personal data safe and respect privacy: services engagements. Privacy complaints, HP is recognized by EU data protection authorities • Our Privacy Statement describes our privacy breaches, and requests for our Binding Corporate Rules (BCRs), reflecting practices, as well as the choices users can In 2021, all HP employees were required to our high standards of data protection policies make and the rights they can exercise related complete our privacy principles training, and HP complies with worldwide privacy and data and procedures and enabling global data transfer to personal data. 97% of employees completed the course during breach notification laws and regulations, tracks within our company. the six-week campaign. The training is intended the number of substantiated complaints from HP complies with the Asia-Pacific Economic • We maintain internal policies and standards to reinforce HP’s privacy and data protection third parties and personal data requests made that align with international data protection and principles, and to ensure that employees to HP by individuals, and maintains an internal Cooperation’s Cross-Border Privacy Rules. privacy principles worldwide. These policies understand how to respect and protect incident-reporting process. Once a potential Due to recent court rulings in Europe on the and standards cover the data life cycle and employee and customer privacy. During the breach of personal data is identified, a core Schrems II case that invalidated the EU-U.S. continually strengthen privacy protections to year, we also offered access to online courses team—including representatives from privacy, Privacy Shield data transfer mechanism, HP no 25 2021 HP Sustainable Impact Report www.hp.com/sustainableimpact