With memories of ousted Hewlett-Packard CEO Carly Fiorina still fresh in the minds of many, news comes that the company’s chairman, Patricia Dunn, has agreed to step down.
Dunn plans to give up her post on Jan. 18, 2007, but she will remain an HP board member. HP President and CEO Mark Hurd will fill her post in addition to retaining his other positions with the firm.
Dunn, who climbed the corporate ladder from secretary to CEO at Barclays Global Investors after abandoning a career in journalism, appears to be another casualty of fallout resulting from a pretexting scandal that stirred up the company’s board of directors.
“Dunn’s resignation is both too little and too late,” attorney Richard Cellini, vice president at Integrity Interactive, told the E-Commerce Times. “The only major action a company can take to protect itself is to have a compliance risk management program in place long before a problem like this happens.”
Source of Leaks
Dunn authorized HP’s reported surveillance of board members that led to the company’s decision not to renominate George A. Keyworth II to his seat on the board. HP said it discovered that he leaked confidential information that had appeared in the media.
No details were given on the substance of the leaks, but the company said the problems began even before the ouster of longtime CEO Fiorina, suggesting they may stretch back as far as HP’s controversial merger with Compaq.
The HP scandal underscores the fact that there is a revolution in corporate governance taking place, with boards struggling to understand how compliance impacts their role, according to Cellini. Boards, CEOs and corporate counsels are responsible for the compliance and ethics of all their employees.
“These storms no longer blowing up out of nowhere,” Cellini noted. “You can’t anticipate the precise form it will take, but you can anticipate from the types of risks out there, therefore, you should be implementing compliance risk management programs to mitigate those 10 risk areas.”
Risk areas include consumer protection, government investigations and controls, privacy, record keeping and reporting, health and safety and financial integrity, among others, according to Cellini.
Scandal in Progress
A privacy issue — HP’s use of a technique called pretexting to obtain the phone records of board members — led to the trouble. Pretexting involves a third party posing as a telephone customer to obtain phone call records. While not illegal, the practice has come under fire from privacy experts. Earlier this year, the state of California sued Web-based firms that resold phone records obtained through pretexting.
After an internal inquiry revealed that Keyworth was the source of the leaked information, a second director, famed Silicon Valley venture capitalist Thomas J. Perkins, turned in his resignation. Perkins was displeased with the way HP investigated the leaks. He then took his complaints to the state attorney general of California.
HP said it had what it termed an “informal inquiry” from California Attorney General Bill Lockyer’s office and was cooperating with the agency. It also said its own board was working on new guidelines for internal investigations to ensure they “comply with applicable laws and HP’s code of ethics.”
The SEC is also looking into whether HP fully disclosed what it knew about Perkins’ departure, with staff at the regulator questioning why HP did not notify the SEC that Perkins left the board because of an internal dispute.
The problem with Patricia Dunn’s handing of the HP leaks is two fold. The authorization of data gathering by pretexting shows a flagrant lack for privacy for not just the reporters, but also for fellow HP board members — and now she’s backtracking saying that she didn’t fully understand the techniques used.
The obtaining of phone records also led to gathering email addresses which were inevitably scoured for leak information as well.
All this innuendo has caused HP CEO Mark Hurd to put a firm line in the ground about the company’s ethics which Dunn disregarded http://www.iwantmyess.com/?p=100
I do not believe that Dunn’s actions were necessary. What she did was nothing short of what a scammer would do in an attempt to obtain personal data. Sure she didn’t use it to commit Identity fraud but she abused her power in unethical ways.
Compliance definitely needs to become part of the vernacular of all employees, both at the top and bottom; especially when it comes to security compliance. This just goes to show that internal security threats exist just as much as external and the need for security protection is higher than ever. I just hope that other people don’t choose to do what Dunn did and instead take action to solve the first priority, plugging up the security holes…