HP Mess: Set a Thief to Catch a Thief?
By Press
Nothing is more galling to a company's executives than a breach of a fiduciary duty (real or perceived). Well, the one thing more galling may be knowing that a fiduciary duty is being breached, but not knowing who's doing the breaching.
That was the situation Hewlett-Packard found itself in 2005 when inside company news was leaking like a sieve from the company's Board of Directors. The solution: hire a private invesitigative firm to find the leaker. Here's where it gets dicey, though. According to Red Herring (based on earlier reporting from the Wall Street Journal), the investigators used some tactics that may have crossed the line.
Specifically, the investigators used "pre-texting" (known in non-legal circles as "lying about your identity") in order to obtain directors' phone records. Now, the California Attorney General and the SEC are breathing down HP's neck about the manner in which the investigation was conducted.
Red Herring reports quotes Chris Hoofnagle, a staff attorney with the Samuelson Technology Law and Public Policy Clinic at UC Berkeley's Boalt Hall law school, who opines that the legal status of the snooping would hinge on what - if any - consent HP had obtained from its directors prior to the investigation, and whether HP knew that its investigators intended to obtain phone records.
"There are civil and criminal penalties for pre-texting phone records, both state hacking laws and the federal Computer Fraud and Abuse Act," Mr. Hoofnagle said. "The directors could sue the investigator and HP for invasion of privacy, for theft, and for violation of the Computer Fraud and Abuse Act."
HP has somehow managed to multiply its problems.
The lessons for other companies out there: make sure the fix isn't worse than the breach itself and be careful to hire investigators who won't cross the line.
That was the situation Hewlett-Packard found itself in 2005 when inside company news was leaking like a sieve from the company's Board of Directors. The solution: hire a private invesitigative firm to find the leaker. Here's where it gets dicey, though. According to Red Herring (based on earlier reporting from the Wall Street Journal), the investigators used some tactics that may have crossed the line.
Specifically, the investigators used "pre-texting" (known in non-legal circles as "lying about your identity") in order to obtain directors' phone records. Now, the California Attorney General and the SEC are breathing down HP's neck about the manner in which the investigation was conducted.
Red Herring reports quotes Chris Hoofnagle, a staff attorney with the Samuelson Technology Law and Public Policy Clinic at UC Berkeley's Boalt Hall law school, who opines that the legal status of the snooping would hinge on what - if any - consent HP had obtained from its directors prior to the investigation, and whether HP knew that its investigators intended to obtain phone records.
"There are civil and criminal penalties for pre-texting phone records, both state hacking laws and the federal Computer Fraud and Abuse Act," Mr. Hoofnagle said. "The directors could sue the investigator and HP for invasion of privacy, for theft, and for violation of the Computer Fraud and Abuse Act."
HP has somehow managed to multiply its problems.
The lessons for other companies out there: make sure the fix isn't worse than the breach itself and be careful to hire investigators who won't cross the line.
<< Home