HP Launches Data Privacy Services to Help With Security Compliance

 
 
By Sean Michael Kerner  |  Posted 2013-09-09
 
 
 
security regulation

Meeting government compliance regulations is often a complex task—one that Hewlett-Packard wants to help enterprises achieve. That's where HP's Data Privacy Services come into play as a new suite of services that are intended to help enable enterprises meet some of the complex demands of the modern regulatory environment.

The new offering is intended to be a comprehensive portfolio for data privacy.

"What we're seeing is demand for this type of service from customers, driven by compliance and liability concerns about leakage of data," Lou Berger, vice president, Services Enablement and Readiness, Storage, at HP, told eWEEK.

HP built some of the initial data-privacy-related services to support United States’ Health Insurance Portability and Accountability Act (HIPAA), which has data privacy requirements. That offering has broader global applicability now as other jurisdictions around the world enact data-privacy rules, for example, the United Kingdom, which has its own set of data-privacy regulations.

Among the components that are part of the Data Privacy Services, are the HP Defective Media Retention (DMR) and the HP Comprehensive Defective Material Retention (CDMR) services. Berger explained that the DMR service is about data retention from failing spinning disk drives, while the CDMR includes system boards, memory and networking equipment that holds persistent data.

Another key component is the HP Data Sanitization Service, which will clean an enterprise's storage prior to that storage device being moved or hitting its end-of-life phase. Berger noted that HP has had versions of the data sanitization service available in the past. The new offering is now a globally standardized offering that can be done on both storage arrays and servers.

"When we finish the data erasure, we provide certification to the customer so they have an audit trail for their own legal requirements," Berger said.

When the data storage device is no longer needed, HP can also break down the device after the data has been sanitized. In cases where the enterprise no longer needs or wants the storage device, after HP sanitizes the device, it can be resold by HP with the value being returned to the customer.

Audit

While HP's Data Privacy Services are intended to help organizations meet compliance requirements, they do not currently include a full compliance audit. That said, HP does have an advisory service that helps organizations figure out what their compliance requirements are and how to meet them.

"Today, we're not acting as an auditor, we're acting as a trusted advisor, that will make recommendations and explain requirements," Berger said. "The actual audit will come from another agency, or it could be an internal function at the customer."

HP's Data Privacy Services also do not come with any specific legal guarantees. Berger explained that HP can provide a statement of work about what they will do, but that statement does not include any liability protection. Different regulatory efforts can often include a security vulnerability audit as part of compliance, as well. HP's Data Privacy Services are specifically about physical data devices. Berger noted that HP does have other elements in its portfolio that can deliver security vulnerability audits.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Rocket Fuel