As reported by Ameet Sachdev, of the Chicago Tribune, a jury found an employer responsible for the actions of its investigators who obtained a former employee’s phone records through “pretexting.” Of the $1.8 million awarded to the former employee for breaches of her privacy, the jury awarded $1.75 million in punitive damages. Regardless of whether this verdict survives on appeal, the lesson for employers is to be mindful of their internal investigatory techniques, but also those of their hired investigators.
Pretexting “is the act of creating and using an invented scenario (the pretext) to persuade a targeted victim to release information or perform an action.” As in many cases, the pretexting in Lawlor v. N. Amer. Corp. of Ill., Ill. Cir. Ct., No. 08 L 5931 (jury verdict rendered 9/19/09) involved use of the telephone to obtain telephone records. This case involved a key company saleswoman who, during a dispute over her compensation, was about to land a significant new account for the company. Concerned that Lawlor would take this new account to a competitor magnified the dispute and a company investigation ensued. The jury found one of the investigators hired by the employer called Lawlor’s telephone carriers and pretended to be her.
Both the federal and state governments have taken action to prevent pretexting. In 2006, the Telephone Records and Privacy Protection Act of 2006 (HR 4709) was enacted. This federal law criminalizes a number of actions related to pretexting. For example, it is a crime for a person to knowingly and intentionally obtain, or attempt to obtain, certain phone records under false pretenses. Violations of this law can result fines and/or imprisonment for up to 10 years. A number of states also have laws prohibiting pretexting. In 2006, the Consumer Communication Records Privacy Act became law in New York which provides similar protections against pretexting.
Employers frequently conduct investigations involving issues such as theft of company assets or trade secrets, disability fraud, harassment, and other sensitive matters where phone records and other information can be critical to obtain. Given how much sensitive information can now be obtained electronically, it is critical to understand the methodologies and techniques of third-party vendors and to ensure there are appropriate representations and indemnity provisions in service agreements.