The U.S. Congress has wrapped up its work for the year by passing a bill that would make it illegal to obtain a person’s phone records without permission.
The Senate late Friday passed the Consumer Telephone Records Protection Act of 2006 , spurred in part by revelations in September that Hewlett-Packard (HP) investigators had used deceptive means to gain access to phone records of reporters and company board members.
The bill, sponsored by Representative Lamar Smith, a Texas Republican, would make illegal the act of pretexting — tricking phone companies into giving up private records by pretending to be a customer. The bill, which passed by voice vote in the Senate, allows prison sentences of up to 10 years and fines of up to $500,000 for deceiving phone companies into handing over records such as phone logs.
As Jon Doak, the new Chief Ethics and Compliance Officer continues in his new role at HP it should be interesting to see how the criminal case proceeds. Corporate monitoring of it's employees and suppliers will get new oversight and the IT organization will soon be storing all e-mail meta data if it isn't already. Organizations like HP have a duty to protect their intellectual assets and trade secrets. Exactly how you implement those policies, tools and strategies calls for an effective risk assurance program that includes far more than just new awareness training.
The Private Investigation industry and Online Data Brokers who have collaborated in the past will be scrutinizing any upcoming enforcement actions to determine if the bill actually has any "teeth". Can you hear the US Attorney on the phone right now? "Set up a task force"...