California Attorney General Bill Lockyer today announced Hewlett-Packard (HP) will finance a new law enforcement fund to fight violations of privacy and intellectual property rights, and reform its own practices, under a $14.5 million settlement that resolves allegations the firm used false pretenses -- or pretexting -- to unlawfully access phone records during its probe of boardroom leaks to the media.
"The Hewlett-Packard incident has helped shine a national spotlight on a major privacy protection problem," said Lockyer. "With its governance reforms, this settlement should help guide companies across the country as they seek to protect confidential business information without violating corporate ethics or privacy rights."
"The new fund will help ensure that when businesses cross the legal line they will be held accountable," Lockyer said. "Fortunately, Hewlett-Packard is not Enron. I commend the firm for cooperating instead of stonewalling, for taking instead of shirking responsibility, and for working with my office to expeditiously craft a creative resolution."
The settlement requires HP to pay $13.5 million to create in the Attorney Generals Office a new "Privacy and Piracy Fund" for law enforcement activities related to privacy and intellectual property rights. Additionally, HP will pay $650,000 in civil penalties and $350,000 to cover the Attorney Generals investigation and other costs.
The settlements corporate governance reforms aim to strengthen in-house monitoring and oversight to ensure compliance with legal and ethical standards, and protection of privacy rights, during any investigations launched by HP or outside firms hired by HP. The "injunctive relief" provisions that impose the reforms will last five years.
The Santa Clara County Superior Court approved the settlement, which Lockyer filed today along with the complaint it resolves.
The Privacy and Piracy Fund will be used by the attorney general and local prosecutors to investigate and prosecute violations of privacy and intellectual property rights. Each year, up to $1 million will be allocated from the fund $500,000 to the Attorney General and up to $500,000 to local prosecutors.
Any money that remains unallocated in any year will be carried over to the next year. Local prosecution agencies which receive an allocation and recover money in a case must reimburse the Privacy and Piracy Fund for the allocation.
Among the major governance reforms:
• A new independent director will serve as the boards watchdog on compliance with ethical and legal requirements. The director will have specific responsibilities in carrying out that oversight function, and report violations to the Board, other responsible HP officials and the Attorney General.
• HPs chief ethics and compliance officer (CECO) will have expanded oversight and reporting duties. Formerly the chief ethics officer, the CECO will review HPs investigation practices and make recommendations to the Board on how to improve the practices by July 31, 2007. The CECO, who previously reported just to the general counsel, now also will report to the Boards Audit Committee. Additionally, the CECO will have authority to retain independent legal advisors.
• HP will expand the duties and responsibilities of its chief privacy officer to include review of the firms investigation protocols to ensure they protect privacy and comply with ethical requirements.
• HP will establish a new Compliance Council, headed by the CECO and also comprised of the chief privacy officer, deputy general counsel for compliance, head of internal audit, and ethics and compliance liaisons. The Council will develop and maintain policies and procedures governing HPs ethics and compliance program, and provide periodic reports to the CEO, Audit Committee and Board.
• HP will beef up the ethics and conflict-of-interest components of its training program. The training redesign will be directed and monitored by the CECO, Compliance Council, independent director and chief privacy officer. HP also will create a separate code of conduct, for use by outside investigators, that addresses privacy and business ethics issues.
