Privacy

Earning trust through principled privacy operations and transparency.

NetApp’s privacy principles and shared values

At NetApp, privacy is more than a list of do’s and don’ts, or policies and processes. It’s integral to our culture. But culture varies significantly around the world—how do you know what NetApp’s corporate culture is really like? Our culture is best described in our underlying values of trust and integrity, as well as the principles on which we’ve built this culture. This includes NetApp’s Privacy Principles. 

What are privacy principles?

A principle is defined as “a comprehensive and fundamental law, doctrine, or assumption.” Privacy principles are therefore the underlying doctrine and rules that we follow in treating personal information. Privacy principles are not a concept unique to NetApp. In fact, the Organization for Economic Co-operation and Development (OECD) has been setting principle-based guidelines for the protection of privacy since the 1980s.

Privacy principles are also the baseline of the EU General Data Protection Regulation (GDPR). Other governmental and nongovernmental organizations have agreed on their own generally accepted privacy principles. Across member countries of the OECD, these principles are aligned to address the following areas:

  • Lawfulness
  • Purpose specification
  • Use limitation
  • Collection limitation and data minimization
  • Data quality
  • Security safeguards
  • Openness and transparency
  • Individual participation
  • Accountability

NetApp's privacy principles

NetApp’s Privacy Principles are not new. These principles are based on our core values, set out in our Code of Conduct. For years, they’ve been stated in our internal documentation and training. NetApp has built these privacy principles on our core values and aligned them with principles set forth by the OECD and the GDPR. We also commit to these privacy principles in our Binding Corporate Rules.

Lawfulness

NetApp commits to processing personal information fairly and lawfully. NetApp only collects and uses personal information for legitimate business needs, as outlined in our Privacy Policy and our products and services contracts. Our Privacy Policy has been revamped to more clearly and openly provide information on what these legitimate business needs are, as well as how the various contexts of our business influence our practices for data collection, use, processing, storage, sharing, and transfer. It is supported by internal policies, processes, and playbooks that are designed to ensure ongoing compliance with these commitments as well as our obligations under applicable laws.

Purpose specification and use limitation

NetApp specifies the purpose for the collection and use of personal information in our contracts. Primarily, this is in the process of doing business with our customers and running our own operations. Because the purpose for which we collect and use data varies by context, we’ve updated the NetApp Privacy Policy to reflect the various contexts under which we collect and use data, and to specify the related purposes for collection and use.

Collection limitation and data minimization

NetApp implements policies, processes, and playbooks designed to ensure that the personal information collected is limited to that which is necessary to meet the specified purposes. This includes privacy-by-design reviews of data collection and use practices, records-retention and handling policies, global corporate training on the protection of personal information, and technical and organizational processes designed to restrict unauthorized processing of personal information.

Data quality

Personal information is kept accurate and up to date. NetApp maintains policies and systems designed to ensure that reasonable steps are taken to help ensure the accuracy and completeness of such personal information. We maintain self-service tools that our employees, customers, stakeholders and partners can use to correct data about themselves, as well as email and telephone support where self-service is not available.

Security safeguards

NetApp maintains technical, administrative, and organizational measures designed to prevent accidental destruction, loss, alteration, and unlawful processing of and unauthorized access to personal information. These include designing security measures that are appropriate for the nature of the personal information present in a system and the harm that could occur if the system were breached. These measures include a detailed incident response policy and procedure designed to promptly respond to and notify individuals of personal information data breaches. These processes may be included in our third-party compliance certifications.

Openness and transparency

The principle of openness is built on a desire to ensure that companies make information about their privacy policies and practices readily available. NetApp does this through our Privacy Policy and continuous research for ways to improve our communications and engagement, including building out additional resources such as the NetApp Trust Center and the information contained there.


Our commitment to openness goes beyond transparent publication of our business practices. It’s also rooted in our corporate values of trust and integrity. Candor, honesty, and respect for the individual are core to our values, as expressed in Our Code of Conduct. Openness in our treatment of personal information is one of the many ways in which we embody this value.

Individual participation

NetApp recognizes and respects individuals’ rights to participate in the decisions regarding how their data is used and processed. Our commitment to individual participation is demonstrated in our self-service centers where individuals can correct their data, and through our multiple means of contact where individuals can exercise their rights. It is also demonstrated in our privacy-by-design principles, which help ensure that individual requests can be appropriately responded to in a timely manner, and in the value we place on adaptability: our ability to evolve as global laws develop on the subject of individual participation rights.

Accountability

All these principles will collapse without accountability for compliance. NetApp demonstrates our commitment to be accountable for our protection of personal information through Our Code of Conduct and global team of privacy specialists. Every employee at NetApp is trained and held accountable to their management—all the way up to the CEO and Board of Directors—for their role in protecting the personal information we control or process. We provide training and resources for our employees through our network of specialists, including our Data Protection Officer in Europe and our Chief Privacy Officer, who is responsible to our General Counsel and Board of Directors.

Why are these principles important?

Global data privacy laws are in a constant state of flux. Every few months, another state or country introduces new legislation or amends legislation designed to protect the personal information of its citizens or residents. Treating these as individual checkboxes for legal compliance could become an infinite list of tasks, paralyzing teams trying to innovate privacy solutions at scale. Fortunately, the vast majority (to date) of these laws have shared a foundation of common principles. By focusing first on principles, NetApp has built a privacy program that is designed to scale to meet the evolving global legal environment.
