HP Chairman Patricia Dunn will continue as a director, but will relinquish her role as chair in January. The media probe is now being examined by as many as six regulatory and law enforcement groups.
Hewlett-Packard's Board Chairman Patricia Dunn will remain a director but step down from her post as chair in January. At that point, HP Chief Executive Officer and President Mark Hurd will take over as chairman.
HP's board of directors announced the shuffle Tuesday morning after meeting two days in a row to discuss methods used in a media leak probe conducted at Dunn's request. The media probe is now being examined by as many as six regulatory and law enforcement groups.
Tuesday's announcement appeared to be a compromise, allowing Dunn to remain with the company while removing her from the direct glare of harsh media and regulatory attention.
Third-party investigators used a shady technique known as "pretexting" and pretended to be board members, journalists, and possibly journalists' family members to obtain records of calls made to and from the personal phones of journalists and board members.
Dunn continued to defend HP's media probe as necessary "to resolve the persistent disclosure of confidential information from within its ranks."
"These leaks had the potential to affect not only the stock price of HP but also that of other publicly traded companies," Dunn said through a prepared statement. "Unfortunately, the investigation, which was conducted with third parties, included certain inappropriate techniques. These went beyond what we understood them to be, and I apologize that they were employed."
Dunn said that she was proud of the progress she has made in her 18 months as chair.
"I look forward to completing the transition that is underway, including expanding the board, continuing to improve our corporate governance standards and bringing the current issues to resolution," she said.
Dunn, who has taken most of the heat for the probe, has claimed that she worked with lawyers and HP's security chief and a third-party firm ultimately conducted the probe. She said the probe was necessary because George Keyworth violated the company's business practice standards by leaking news to the media.
Dunn claimed she was unaware of the methods and people behind the investigation because she was a potential target. She apologized directly to reporters and said that she did not initiate nor conduct the investigations, but the SEC filing states that she and an "internal group" initiated the investigations.
Hurd, who will retain his existing positions after taking over as chair, said he would take action to ensure that inappropriate investigative techniques are not used again.
"They have no place at HP," he said. "HP holds itself to the highest standards of business conduct and we are accountable to these standards for everything that we do. The company will work to put these matters behind us so that we fully resume our focus on the business and continue to earn the trust and support of our customers, employees and stockholders."
The company still has not answered questions about whether anyone else, aside from its own board members and nine journalists, was targeted in the probe. It also has not identified investigators or explained exactly when directors became aware of the methods.
The board also must contend with several regulatory and law enforcement investigations. A congressional committee, the U.S. Department of Justice, the California Attorney General, the Securities and Exchange Commission (SEC) and the Federal Communications Commission are seeking more information.
California authorities say it is illegal in their state, where HP is based, to misrepresent oneself in order to obtain someone else's personal records. Federal laws also prohibit the practice, but it is unclear whether the federal laws apply if the perpetrator does not gain financially by pretending to be someone else. The laws have been applied to more common forms of pretexting, in which companies sell the information, often to suspicious or estranged spouses.
In the past, the second largest personal computer maker has received high praise for corporate leadership on privacy issues. The global company states on its Web site that its privacy policies adhere to the strictest local laws.
In June, Scott Taylor, chief privacy officer for HP, told a U.S. House of Representatives committee that consumers must have faith in product quality and the integrity of their experience.
"They must trust that we will do right by them, particularly when it comes to protecting the privacy and security of their personal information," he said. "It is for this reason that HP operates one of the most rigorous global privacy policies of any major U.S. company."
Taylor explained why privacy is important.
"First, because it's the right thing to do," he said. "We have an obligation to fulfill the trust that HP employees have given us in handling their information. Second, because successful customer relationships are fundamentally about trust."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.