The Feds have given the private investigator involved in the HP pretexting case a deal: “roll over on those naughty HP boardmembers who authorized the theft of phone records and you get a substantial reduction on the $250K/5 year maximum sentence for Identity Theft” — the law the Feds have dredged up to prosecute the case.
Seems the big payout by HP to settle up civil litigation didn’t get them out of hot water. More pain for shareholders is in store as the company spends investor money to fend off more lawsuits.
Meanwhile, the anti-pretexting law that was proffered to the White House by the lame duck congress at the end of the last session was signed by the big guy himself yesterday. To sum up the simple view:
The legislation outlaws the practice of getting confidential phone records by “making false or fraudulent statements” to a phone company employee, by “obtaining false or fraudulent documents to access accounts” or by “accessing customer accounts through the Internet” without authorization — a practice commonly known as pretexting.
Violators face fines and imprisonment of up to 10 years. Fines are doubled and five years may be added to the prison term if the violations involve more than $100,000 or more than 50 customers.
Is it enough? Opinions vary, as they always do.
Martin Bosworth, at ConsumerAffairs.com, takes a look at other legislation that is proposed in the latest congress here. He cites critics who claim that the new laws are big on concept and short on plot.
Feinstein-Sununu’s Social Security Number Misuse Prevention Act, for example, sets restrictions on the collection, sale, and display of Social Security numbers by third parties without the accountholder’s consent and also sets “some limitations” on businesses that request an SSN. But the proposed law also contains a lot of exemptions and loopholes for government and business, critics argue.
The same holds true for Feinstein’s Notification of Risk to Personal Data Act, which sets rules for businesses and agencies that collect personal data to notify individuals of a breach “without unreasonable delay.” In the event of a breach, the company must notify the media in all circumstances, and must notify the Secret Service if the breach exceeded 10,000 individual records or one million database entries.
Sounds a bit like GLB to me — and it still doesn’t require companies to explain how the breach happened or what will be done in the future to prevent a recurrence. Critics go on to note that the bill contains several significant exemptions. Law enforcement agencies that are hit with data breaches could delay notification if they deemed it to be a security risk. And businesses can escape the notification law by performing “risk assessments” privately and sharing the results with the Secret Service.
There is very little agreement on how an information risk assessment should be done, even by the top dog risk assessors/auditors that routinely engage in an email reflector on the topic organized by Dan Swanson. (I’ll get a link in here later in case you want to subscribe.)
Moreover, this act preempts state laws (including California’s, Ms. Feinstein) that are, in many cases, tougher than her act in language and remedy.
The last part of the piece by Bosworth covers the question of how much priority is being placed on privacy. I love this paragraph:
Critics question whether Feinstein’s bills will do much to cure cavalier attitude government and business displays towards the security of individuals’ data…Every data breach from the Veterans’ Administration to Boeing follows a familiar pattern: A massive data breach takes place, the company or agency claims it is an isolated incident, claims to somehow discern that the thieves were after the hardware not the data, offers token credit monitoring services to the victims, and goes back to whatever it was doing.
I suppose some will encourage me to be patient. It takes time for a reasonable legal regime, properly institutionalized and enforced, to take shape.
What I am seeing, by contrast, is a situation in which privacy is being treated like a malleable issue, rather than a “personal right” and “lynchpin of liberty.” Suddenly, businesses and politicians — arguably the two biggest violators of privacy – get a vote over how my private information is to be protected. And they are leaving huge gaping holes in the laws to ensure that no one’s ox gets gored.
Rather reminds me of this Statue of Justice that raised hackles in England awhile back, when it was placed outside a courthouse where the artist felt he had not received justice.
Don’t know if I would go quite so far as to depict justice as a prostitute (wouldn’t be fair to prostitutes, I suspect), but against the backdrop of current information privacy legislation, I can sympathize with the artist’s sentiment: when it comes to matters of information privacy, trust no one.
Final word: Here is a good article on pretexting and what you should know about it. Note that Federal laws around pretexting only pertain to your financial records and not to other personal information.

“Seems the big payout by HP to settle up civil litigation didn’t get them out of hot water. More pain for shareholders is in store as the company spends investor money to fend off more lawsuits”
How do you figure, Jon? The stock’s significantly up from the time the scandal broke out and is going even higher given that they appear to be doing significant damage to Dell.
Interesting you should ask that, Pq. Yes, HP’s stock has done better over the past year, and yes they have taken some market away from Dell for now. That is not what I am saying here.
Since when were you happy investing money in a company where the bosses were using it to defend themselves against lawsuits? Hurd is under scrutiny right now for making a sale of his stock just prior to the release about pretexting.
I seem to recall everyone jumping on CA when Sanjay Kumar’s peccadilloes were revealed. Stockholders were very pissed off when he 1) misrepresented a sale (channel stuffing) then 2) used company monies to pay the ransom that his partner in the scam (a reseller) was charging to keep mum.
How can you sit there and say all is good with HP because it continues to grow market share? A company that is doing illegal stuff at the top has at least a vein of rot running throughout. It will catch up with them. In the meantime, some of your investment in the company is being misdirected to finance legal warchests for senior management misdoings. If you are okay with that, invest away.
Another interesting article can be found online at CNN Money — part of the print column that appears in Business 2.0.
To your point, Pq, the columnist minimizes the importance of shareholder value, stating that most shareholders don’t even hold on to their stock for longer than a year and do little actively to determine how money gets spent. However, he also explains fairly well how the rot at the senior level does little to encourage loyalty in the rank and file. When employees start to quit, it is too late to resolve the problems that made them go.
Now, think about this scenario. You work at a company where management is doing bad things that become public. Management already reads your emails and violates your privacy in other ways while you are on the job — wrapping themselves in the flag of corporate stewardship (you are using their phones, their email systems, their internet connection). In effect, management is violating the rules they themselves set up. Now, they are laying off people whose jobs could have been saved if they weren’t shelling out big bucks for legal defenses. Moreover, some managers are timing their stock sales to avoid taking a hit if share prices fall as litigation details spill out.
Would you feel very secure at that company? Probably not. Would you leave for a better opportunity if one presented itself? I think so. When loyalty has been shattered by a litany of wrong-doing at the top, the company slowly disintegrates.
I doubt that shares will hold their price as this HP scandal continues to unfold.
Jon,
A comparison between CA and HP is unfair…to HP. The pretexting scandal at HP is completely different from what happened with CA. Kumar’s scheme (aka 35 days a month) caused execs to rip-off the company by getting bonuses for meeting financial targets that in reality were never met.
The large institutions that own the stock care about 1 thing: Stock Price. If I’m a hedge fund manager who has poured millions of dollars into the stock and one day I realize that not only was the CEO stealing but in reality the stock’s worth much less than I paid for it, then I’ll take him and his posse down.
When the company delivers, the shareholders typically tend to look the other way at some infractions, depending on whether or not these have a material effect on earnings and ultimately the stock price. Right or wrong, that’s the way it is.
HP under Hurd appears to have been turned around and gaining market share. As long as he delivers the goods the big institutional holders care about the most, Hurd will be at the helm of HP and untouched.
I’m not saying all is good at HP, I’m simply stating how things work.
Pq, do I look new to you?
I agree that the market rewards certain variables with institutional buys. Then again, I never gave most market guys much credit for smarts beyond ticker readings.
As we learned from “Wall Street,” no one in the market seems to care much about intrinsic value — what the employees think, whether they perceive a company as a place where they can set down roots, etc. This IMHO is the ultimate determinant of business success. Employees determine success. Not inflated PE ratios.
Instead, the financial market is “symbolic” — measuring everything in momentum and sales and revenues. EMC looks like a company that executes because $1000 invested there ten years ago would be a million today. This says nothing about the legality of their business practices, the honesty or integrity of their management, or the real value of their technology. It only says they can sell iceboxes to eskimos.
As for the comparison between CA and HP, I think you misunderstand my point. In both cases, and perhaps also in the case of many other companies that are engulfed in options scandals now that will play out over the next few months, we have malfeasance pure and simple by senior management. You can argue with me about the comparative slights involved, but the bottom line is that you have greedy, ambitious, assholes at the top who are more concerned about making their own millions than anything else, and who are happy to use any methods — legal or not — to advance their objectives and cover their asses when things go wrong.
That kind of bothers me, regardless of what plays institutional investors make based on their tickers.
I believe that senior execs lead. They establish the standards and values for the rest of the company. They must behave in a Yankee Doodle way at all times. The integrity they exhibit (or lack thereof) translates into a corporate culture.
At least at CA, they are trying to do something to get themselves back on track. I have a lot of respect for some of the guys over there. I still see a lot of shucking and jiving at HP. And a lot of layoffs too.