Monday, November 30, 2009

No cell phone needed for “pretexting,” only someone’s persona

If I were to ask most people what “pretexting” is, many would probably answer, “What someone does before actually sending out a text.” In today’s text-happy world, that sounds about right, but it is not correct. In fact, pretexting is a much more sinister issue, and it is against the law. According to, pretexting is a data-mining scam where:

… someone assumes the guise of another person in order to establish trust and extract privatized information from an unsuspecting target, typically over the phone or through online interaction. Barring sanctioned police investigations, pretexting is illegal. Pretexting is a kind of "social engineering" that is a subset of fraud.

So why should an employee or employer have that much interest in pretexting? Well, if you are an ex-employee like Kathy Lawlor, the law regarding pretexting meant the difference between a legal investigation after she left her employer, and one that ended in a judgment against her former employer, North American Corp., for invasion of her privacy.

According to a recent story in the Chicago Tribune, Ms. Lawlor was a highly regarded sales person with North American Corp. After refusing to sign a document that would cut her commissions, she quit. Soon after, she received a letter from her former employer requiring her to pay more than $20,000 in overpayment commissions. Having a belief that it was the company that owed her money, and not the other way around, she then filed suit seeking thousands in commissions and to have her noncompete agreement lifted.

Seems practical enough, right? I mean, these types of employer/employee problems arise all the time, and so if the story stopped there, certainly there would be little to write about. However, it was the actions of the employer, after she had left its employment, that created the major issue in this case, and it was these actions that put the term “pretexting” at the forefront of her complaint.

After she left her employment, Ms. Lawlor noticed a car sitting outside her home, and only later did she discover that this was an investigator hired by her former employer. North American claimed it hired the investigator because it believed Ms. Lawlor was competing with them. Ms. Lawlor then added an invasion of privacy claim to her complaint. Through the discovery process, it was unearthed that her former employer had provided the investigator with her personal information, and the investigator, by claiming to be Ms. Lawlor, used this personal information to obtain her phone records.

This kind of cloak-and-dagger routine used by the investigator sounds less like reality and more like something out of a spy novel. Yet, to an Illinois jury, this use of “pretexting” by the employer to obtain her telephone records without her authorization was an impermissible invasion of her privacy, and it ordered her former employer to pay $1.8 million in damages.

Even with the facts of this case in mind, the question really is: Should this type of action even be against the law? Employees and former employees would resoundingly answer with a “yes,” but what about employers? Certainly no one would argue that an employer trying to obtain phone records simply for harassment purposes would be wrong, but in this instance, the employer claimed it thought the former employee was violating her noncompete agreement, and that she was disclosing business secrets to competitors.

North American argued that while it never knew what techniques were being used by the investigator to obtain the phone records, this information was pertinent to its investigation. Doesn’t an employer have the right to seek out such information in order to stop former employees from violating noncompete agreements and disclosing business secrets? If so, wouldn’t a thorough review of phone records either provide proof that such duplicitous acts were occurring, or dispel that they had occurred?

But it was not the reasons why North American wanted the records that seemed so invasive, rather, it was the methods used that tend to lend credence to the jury’s award. The fact is, because the investigators pretended to be Ms. Lawlor in order to obtain her phone records, it can certainly be argued that they crossed the line separating appropriate investigative tactics and fraudulent methods. And in doing so, every bit of information obtained could be deemed tainted, and so her former employer, who had every right to investigate Ms. Lawlor, probably had the responsibility to know how these phone records were obtained.

The simple fact is, employers have every right to protect their property, be it physical or intellectual, but employees and former employees have a right to more than simply a modicum of privacy. The use of pretexting in the aforementioned case is an example of investigative procedures that could be deemed to have “run amuck,” no matter what the cost might be to an employer. The jury’s $1.8 million verdict seems, to me, to be a cautionary tale that tells employers that they can investigate former and current employees, but fraudulent activity, like pretexting, cannot be explained away by simply making a claim that it was done without their knowledge. However, with North American appealing the jury verdict, there may be more on this case in the future.

1 comment:

  1. Post-trial remarks from the jury foreman in this trail: