HP Settles Civil Spying Lawsuit

Hewlett-Packard (HP) has agreed to a US$14.5 million settlement in the California civil lawsuit related to the company’s spying scandal.

Under terms of the settlement with the California attorney general, HP will pay $13.5 million to create a “Privacy and Piracy Fund” for law enforcement activities related to privacy and intellectual property rights operated in the state attorney general’s office.

The company will also pay $650,000 in civil penalties and $350,000 to cover expenses of the investigation, California Attorney General Bill Lockyer announced Thursday afternoon.

HP executives and private investigators retained by the company still face criminal charges in the scandal, which involves the alleged use of “pretexting,” or pretending to be someone to obtain that individual’s personal phone records.

In an announcement made at the same time as Lockyer’s, HP detailed a number of internal reforms it is making to its business and investigative practices.

The attorney general and local prosecutors throughout California will use the Privacy and Piracy Fund to investigate and prosecute violations of privacy and intellectual property rights. Each year, as much as $1 million will be allocated from the fund—$500,000 to the attorney general’s office and as much as $500,000 to local prosecutors.

“This settlement should help guide companies across the country as they seek to protect confidential business information without violating corporate ethics or privacy rights. And the new fund will help ensure that when businesses cross the legal line, they will be held accountable,” Lockyer said in a prepared statement.

The civil suit made the same allegations that the state made in its criminal filing in October against former HP Chairwoman Patricia Dunn, former HP legal counsel Kevin Hunsaker and three private detectives HP hired to trace the source of boardroom leaks. The charges include using false or fraudulent pretenses to obtain confidential information from a public utility, wrongful use of computer data, identity theft and conspiracy.

Since the scandal broke in early September, HP Chief Executive Officer Mark Hurd, who succeeded Dunn as chairman, has pledged HP will clean up its act. The company said Thursday it will appoint newly named board member G. Kennedy Thompson, an independent director, to review and report to the board on compliance with legal and ethical requirements related to company investigations.

HP already met two other conditions in the agreement when it named Jon Doak as the company’s new chief ethics and compliance officer and appointed former federal prosecutor Bart Schwartz as a “qualified authority” to review HP’s investigative practices and suggest changes where needed.

HP has also pledged to revise its employee training to better emphasize ethics and to make sure that ethics codes at the vendors that HP does business with also specify ethical behavior regarding investigations.

Settlement of this case should have no impact on the criminal case, said Bill Keane, a white-collar criminal defense attorney at Farella Braun & Martel in San Francisco. If HP is doing good by donating to this privacy fund, don’t expect the court to go easy on the defendants.

“Law enforcement has always viewed corporate liability and individual conduct as separate and distinct issues,” said Keane.By Robert Mullins, IDG News Service (San Francisco Bureau)Keep checking in at our Security Feed for updated news coverage.