Pantagraph.com
News
Friday, February 22, 2008 4:25 PM CST
Employees' snooping on customer data is common

MADISON, Wis. -- A landlord snooped on tenants to find out information about their finances. A woman repeatedly accessed her ex-boyfriend's account after a difficult breakup. Another obtained her child's father's address so she could serve him court papers.

All worked for Wisconsin's largest utility, where employees routinely accessed confidential information about acquaintances, local celebrities and others from its massive customer database.

Documents obtained by The Associated Press in an employment case involving Milwaukee-based WE Energies shine a light on a common practice in the utilities, telecommunications and accounting industries, privacy experts say.

Vast computer databases give curious employees the ability to look up sensitive information on people with the click of a mouse. The WE Energies database includes credit and banking information, payment histories, Social Security numbers, addresses, phone numbers, and energy usage. In some cases, it even includes income and medical information.

Experts say some companies do little to stop such abuses even though they could lead to identity theft, stalking and other privacy invasions. And companies that uncover violations can keep them quiet because in many cases it is not illegal to snoop, only to use the data for crimes.

"The vast majority of companies are doing very little to stop this widespread practice of snooping," said Larry Ponemon, a privacy expert who founded The Ponemon Institute, a Traverse City, Mich.-based think tank.

Jim Owen, spokesman for the Edison Electric Institute, a lobbying association that represents utilities, disputed suggestions the problem was common in the industry.

"I am not aware of any other situation that has arisen in the utility sector," he said.

Companies generally avoid talking about snooping or any measures they've taken to prevent it.

Scott Reigstad, a spokesman for Madison, Wis.-based Alliant Energy, which has one million electric and 420,000 natural gas customers in Iowa, Wisconsin and Minnesota, said his company has safeguards in place to stop misuse but does not discuss them publicly.

"We haven't had any issues that we're aware of," he said.

Jay Foley, executive director of the Identity Theft Resources Center, said state regulators and lawmakers must step in if companies are not guarding their customer information responsibly.

"Something needs to be done at the state level to make sure this is illegal," he said.

He said more companies have to start using software that can track each customer account that employees access.

WE Energies says it has taken numerous steps to stop the problem, but even so, detecting misuse can be difficult. That's because it is hard to distinguish legitimate access to customer information from employees looking out of curiosity.

"People were looking at an incredible number of accounts," Joan Shafer, WE Energies' vice president of customer service, said during a sworn deposition last year. "Politicians, community leaders, board members, officers, family, friends. All over the place."

Her testimony came in a legal case involving an employee who was fired in 2006 for repeatedly accessing information about her ex-boyfriend and another friend. An arbitrator in November upheld the woman's firing. The AP reviewed testimony and documents made public as part of the case.

The misuse came to light in 2004 when, during a heated race for Milwaukee mayor, an employee helped leak to the media that a candidate, acting Mayor Marvin Pratt, was often behind in paying his heating bills. Pratt lost to the current mayor, Tom Barrett.

Pratt said he's convinced the disclosure cost him votes and unfairly damaged his reputation. Pratt said he recently met with top company executives and was satisfied it has stopped the problem as much as possible. He said he has dropped earlier plans to explore a lawsuit.

"They caught this and they are making corrections to it, which they should. But it never should have happened in the first place. Not just to me, but to anyone. They gave their employees too much latitude to access files."

After the incident involving Pratt, the company fired the employee who leaked the information and vowed to crack down after finding others engaged in similar practices. But problems continued.

In all, the utility fired or disciplined at least 17 employees for breaking the policy between 2005 and 2007, according to testimony and company records. Another employee gained access to Pratt's account for no business purpose and was suspended in 2005 but kept her job.

Others looked up information on their bosses at WE Energies and local conservative radio host Mark Belling, who said he had never been told of the breach.

Ponemon said employees with access to vast amounts of customer information often see nothing wrong with looking up an individual out of curiosity or, in some cases, for more sinister motives.

Governmental agencies have also struggled with the problem.

The IRS took 219 disciplinary actions, including firings and suspensions, against employees who browsed through confidential taxpayer information last year, according to the U.S. Treasury Inspector General for Tax Information. That was more than double the number the previous year.

Last month, the Minnesota Department of Public Safety said it disciplined two employees who accessed information on 400 residents from its driver's license database. The agency did not say what the discipline was because it continues to investigate. It said the employees were looking for their own entertainment, not out of any criminal motive.

WE Energies serves 1.1 million electric customers in Wisconsin and Michigan's Upper Peninsula and 1 million natural gas customers in Wisconsin.

Shafer said in an interview that the utility took steps to eliminate the practice and only one employee has been disciplined for violations in the last year.

After the 2004 incident, the company started checking who accessed high-profile customer accounts and requiring annual training on its policies.

Still, Shafer acknowledged in her deposition last year that it would be "difficult, if not impossible" to discover many instances of misuse.

Utility regulators in Michigan and Wisconsin said they had not been notified of the company's problems. They say they do not have any rules covering such misuse.

The head of the Wisconsin Citizens' Utility Board, which lobbies on behalf of utility customers, said he was "shocked and dismayed" to learn about the practice.

"The testimony is incredibly candid. I'm very surprised that utility employees were misusing this information," said executive director Charlie Higley. "We hope WE Energies has taken steps to ensure that information is treated privately."

Marvin Pratt is seen in his home in Milwaukee, Thursday, Jan. 10, 2008. The misuse of customers' information came to light in 2004 when an employee helped leak information to the media during a heated race for Milwaukee mayor that a candidate, acting Mayor Pratt, was often behind in paying his heating bills. (AP Photo/Darren Hauck)
Reader comments on this story - 27 total

Note: All views and opinions expressed in reader comments are solely those of the individual submitting the comment, and not those of the Pantagraph or its staff.

What now? wrote on Mar 4, 2008 3:32 PM:

" Re: QT Hush

I only hope one day I date a girl like you. You're a treasure and a keeper!!! "

To QT hush wrote on Feb 26, 2008 7:20 AM:

" Yeah, you sound like a real winner. "

Re: QT Hush wrote on Feb 22, 2008 2:27 PM:

" Sounds like someone needs to go to jail! "

To: Mr. Zero wrote on Feb 22, 2008 1:37 PM:

" That's Admiral Rusty Shackleford to you. "

businessoperator wrote on Feb 22, 2008 11:41 AM:

" Most banks have privacy software that indicates when an account is accessed and which employee accessed the account, so it is easy to tell who is snooping. Employees have been fired because of this information. It would be quite easy for utility companies and other businesses to apply the same software to their operations. "

QT Hush wrote on Feb 22, 2008 11:13 AM:

" I used to snoop all the time (I still do). When I worked at a bank I found out the financial status of the people I was buying a house from. I found out they were seriously in debt and lowered my offer by 25%. My real estate agent balked at presenting the offer and I said watch, they will take it. Yep they did (they were desperate). I used to check out my boyfriends and anyone I wanted leverage. Information is easily accessible if you know where and how to look. I don't need a SSN to start. Just a name and one other piece of info. After you start the info just flows. "

midle of the road dude wrote on Feb 22, 2008 9:51 AM:

" I hope things like this make you people that think that the price of privacy and freedom, is a fair trade for the implied safety from terrorists.
Tell you what, all those that would rather give up these priceless things so many people died to provide for us. How about you just move somewhere that doesn't have them now? "

dwarf to Those Caught wrote on Feb 22, 2008 8:36 AM:

" Yes! And mug people! And burglarize! And drive drunk! And murder! And teach evolution in a public school!

If you break the law in one way, it's obvious that you're on an unavoidable slippery slope to multiple homicide, and the company would be best just to lock them up NOW! "

Those caught wrote on Feb 22, 2008 8:01 AM:

" snooping should be terminated immediately! If they will snoop, they will lie and steal from the company as well. "

Mr. Zero wrote on Feb 22, 2008 7:52 AM:

" This is why I always use my neighbor's SSN# and have most of my official documents issued to Rusty Shackleford. "

To: Waffle wrote on Feb 22, 2008 7:26 AM:

" I think we all assumed that Betty's friend was one of those with a need to know. This whole problem is an extremely difficult balancing act. We all cheer when a dangerous criminal is tracked down by their cell phone usage, but also realize that this capability can easily be abused for other purposes as well. It's easy to say that only trusted employees should be granted access to sensitive data that they need to know in order to do their job. But who exactly can you trust and how do you know you can? Most inappropriate snooping is an inside job, and determining that the access was not work-related is not something a computer system is generally capable of doing. "

The State too wrote on Feb 22, 2008 7:01 AM:

" I work in a profession that's licensed by the state, and I know they are selling my name and address to various organizations associated with my profession. I get enough professional junk mail every week that if I saved it, it would fill my house in one year. Thank you Illinois for allowing me to maintain the ability to use a paper shredder for the rest of my life. "

To:Wafflehouse wrote on Feb 22, 2008 6:52 AM:

" Umm the accounting department has all of the pay information too. "

Waffle of Justice wrote on Feb 22, 2008 12:24 AM:

" Betty, I have to call you out as bull, unless your co-worker worked in the HR department. Snooping for legitimate pay rates is a futile effort, any knowledgeable IT department has that locked down to a need to know basis and access will be denied.... It is called a "honey pot". Users think they found sensitive information regarding salaries and lose their job shortly after that for attempting access to it. "

why ? wrote on Feb 21, 2008 11:34 PM:

" Why does a utility need a social security number from its customers? Why don't our elected representatives protect us from this sort of abuse? "

jj wrote on Feb 21, 2008 10:55 PM:

" Monkey see, monkey do. Our government spies on us, so why shouldn't its citizens think they can get away with it too?
Where has America gone?
Down the tubes. And the bad thing, some of us are ACTUALLY CHEERING OUR REPRESENTATIVES ON. "

Just wait wrote on Feb 21, 2008 10:39 PM:

" Until we're all forced to have "the chip" put in us; there will be no privacy, anywhere, anymore. And, there will still be the schmucks who insist "if you don't do anything wrong why would you care?". The problem is, the laws keep getting more intrusive and ridiculous, limiting every freedom once provided by this country as a right. When will it stop? I'm not sure but 1942 comes to mind... "

FYI wrote on Feb 21, 2008 9:35 PM:

" As an employee of a large utility provider, I know that once a ss# is entered into the data base; it is starred out. Only the last 4 digits remain available to be seen by the common employee. There is good reason to have this info. The authorities need to have a way to verify licenses and permits. Plus it is unbelievable how many people don't pay their bills, get disconnected and put in one of their kids or animals names. Many times there comes a day that these people want to improve their credit for major purchase or whatever. Having their ss# allows their debt to be reported to their credit, which often times helps recover unpaid debts. "

to: mr. crap wrote on Feb 21, 2008 9:30 PM:

" You can get your hunting license on-line at the DNR website. It even allows you to print out an immediate copy to carry with you. Don’t be giving out your SSN to some minimum wage stock jockey at Wal-Mart. "

matt wrote on Feb 21, 2008 9:17 PM:

" To crap: you have to give ssn# to get fishing/hunting permits because it helps track deadbeat dads and such, I guess you have to take the good with the bad. "

!@#$% wrote on Feb 21, 2008 9:09 PM:

" Rent a house or apartment that the utilities are included. Do not get a loan for a car. Do not carry charge cards use cash not checks. The less things you have account number on the less they can track things down. I hold no credit cards, my landlord pays my bills, I only have one checking account, I paid cash for my car. I own a company and tried running a background check on myself and could come up with nothing. It is easy the less you have the less they can find. "

to:crap wrote on Feb 21, 2008 9:04 PM:

" The state will not allow them to issue the deer permit without all the information on the application for the permit to be filled out. The SS# is one of those things. If you want to play you must pay. It has been that way for a long time. "

To: Crap wrote on Feb 21, 2008 8:32 PM:

" They need that information to issue the hunting license. They do not require that, the state does. They do not determine what information is required to get the license. "

crap wrote on Feb 21, 2008 7:38 PM:

" This is why I think it's crap that everyone needs so much info for doing something minor. My husband went to get his deer permits at Walmart and they wanted his ssn#. Why on earth do they need that? They told him if he didn't give it to them they couldn't issue his permits. Anyone who works at Walmart has access to that now. Everyone, everywhere wants your information and the common joe can get a job and get your information. With identity theft being the fastest growing crime, there needs to be a better way to do things without giving out your info. "

TO: BETTY wrote on Feb 21, 2008 6:23 PM:

" Boy oh Boy Betty that's really something to be proud of. Maybe you should have put your last name, so your family could be just as proud of you as we all are. "

Betty wrote on Feb 21, 2008 5:26 PM:

" This happens at some of our "larger employers" in town. I found out how much to ask for a raise based on my friend's "snooping" through coworkers pay info. He knew how much that department's highest paid employee was getting. It worked. "

Don't forget the drug stores wrote on Feb 21, 2008 5:23 PM:

" Pharmacy Employees can find out really good stuff also. "
