HP Data Privacy Services Help Meet Compliance Requirements

Meeting government data privacy regulations is often a complex task. That’s where HP’s Data Privacy Services come into play as a new suite of services that are intended to help enable enterprises meet some of the complex demands of the modern regulatory environment.

The new offering is intended to be a comprehensive portfolio for data privacy.

Data leak concerns

“What we’re seeing is demand for this type of service from customers, driven by compliance and liability concerns about leakage of data,” Lou Berger, vice president, Services Enablement and Readiness, Storage, at HP, told eWEEK.

HP built some of the initial data-privacy-related services to support United States’ Health Insurance Portability and Accountability Act (HIPAA), which has data privacy requirements. That offering has broader global applicability now as other jurisdictions around the world enact data-privacy rules, for example, the United Kingdom, which has its own set of data-privacy regulations.

Among the components that are part of the Data Privacy Services, are the HP Defective Media Retention (DMR) and the HP Comprehensive Defective Material Retention (CDMR) services. Berger explained that the DMR service is about data retention from failing spinning disk drives, while the CDMR includes system boards, memory and networking equipment that holds persistent data.

Another key component is the HP Data Sanitisation Service, which will clean an enterprise’s storage prior to that storage device being moved or hitting its end-of-life phase. Berger noted that HP has had versions of the data sanitisation service available in the past. The new offering is now a globally standardised offering that can be done on both storage arrays and servers.

“When we finish the data erasure, we provide certification to the customer so they have an audit trail for their own legal requirements,” Berger said.

Storage disposal

When the data storage device is no longer needed, HP can also break down the device after the data has been sanitised. In cases where the enterprise no longer needs or wants the storage device, after HP sanitises the device, it can be resold by HP with the value being returned to the customer.

While HP’s Data Privacy Services are intended to help organisations meet compliance requirements, they do not currently include a full compliance audit. That said, HP does have an advisory service that helps organisations figure out what their compliance requirements are and how to meet them.

“Today, we’re not acting as an auditor, we’re acting as a trusted advisor, that will make recommendations and explain requirements,” Berger said. “The actual audit will come from another agency, or it could be an internal function at the customer.”

HP’s Data Privacy Services also do not come with any specific legal guarantees. Berger explained that HP can provide a statement of work about what they will do, but that statement does not include any liability protection. Different regulatory efforts can often include a security vulnerability audit as part of compliance, as well. HP’s Data Privacy Services are specifically about physical data devices. Berger noted that HP does have other elements in its portfolio that can deliver security vulnerability audits.

Do you know all about HP, the IT firm from the garage? Take our quiz!

Originally published on eWeek.