Employees Play With Your Private Data And There Is Nothing You Can Do About It

Why play solitaire when you work for the utility company and can look up the mayor’s phone number? An Associated Press investigation reveals that casual snooping is widespread among employees who have access to large customer databases. According to one utility executive, it would be “difficult, if not impossible” to ferret out employees who use sensitive data for identity theft.

“People were looking at an incredible number of accounts,” Joan Shafer, WE Energies’ vice president of customer service, said during a sworn deposition last year. “Politicians, community leaders, board members, officers, family, friends. All over the place.”

Her testimony came in a legal case involving an employee who was fired in 2006 for repeatedly accessing information about her ex-boyfriend and another friend. An arbitrator in November upheld the woman’s firing. The AP reviewed testimony and documents made public as part of the case.

The misuse came to light in 2004 when an employee helped leak information to the media during a heated race for Milwaukee mayor that a candidate, acting Mayor Marvin Pratt, was often behind in paying his heating bills. Pratt lost to the current mayor, Tom Barrett.

Pratt said he’s convinced the disclosure cost him votes and unfairly damaged his reputation. Pratt said he recently met with top company executives and was satisfied it has stopped the problem as much as possible. He said he has dropped earlier plans to explore a lawsuit.

Private sector employees aren’t the only slackers to leaf through personal files. The IRS disciplined 219 wayward employees last year for snooping through our coveted 1040s. Companies don’t like discussing their security measures, but WE Energies went on the record to assure everyone that they remind employees about privacy protection at least once every single year. We feel so much safer now.

Worker snooping on customer data common [AP]


Edit Your Comment

  1. B says:

    Well, for one you can restrict access to the data to people who actually need it. Not everybody who works at a utility company needs to be able to look up the mayor’s phone number. And then you carefully screen the employees who are given that level of access.

  2. DeltaPurser says:

    I’ll be the first to admit that we sometimes get to playing around on the computers in the lounge and look up celebrities personal information in our list of frequent fliers… You’d be amazed at everything you can get: home phone numbers (although most use a puclicist or such), upcoming trips, etc…. Makes for fun reading, but never in my mind would I think to use it for personal gain or to extort someone…

  3. DeltaPurser says:

    Come to think of it: I once called Lauren Bacall, just to see if it really was her. She didn’t answer, but the voice on the answering machine was DEFIITELY her…

  4. gskelding says:

    You know, I work for a bank, up in Canada and the system that I use allows me to access every client – from a celebrity right down to the guy who works next to me. But the minute that I access an employee file, or anyone else of stature, my manager receives an email, and asks about my reason for accessing the file. So I don’t buy it when someone says it would be difficult or impossible to restrict access.

    The bank also let’s clients choose who can and who can’t see their information. So, it’s all about how the client file systems are set up.

  5. ARP says:

    @DeltaPurser: I think you’re the more common form of snooper. I know a girl at a bank who looks up some account info (e.g. a cute customer that just came in). Still not right, but relatively harmless. The problem is that you can do that kind of snooping without any checks, log trails, audit, etc. And a bigger problem is that it only takes one less moral snooper to start stealing identities, accounts, etc.

    GSKELDING- I think that strikes a good balance (assuming you need access to that sort of variety of accounts).

  6. Rusted says:

    @B: Yep. Still, remember my days in a cable company broadband NOC. Remedy system was wide open. I stayed in my own ball of wax though, network team was often just me and an idiot. Too much on my plate to deal with at the time.

  7. dreamcatcher2 says:

    @DeltaPurser: I had a big database once, and I’ll admit I looked a few people up in it… @ARP: you’re very right. Keeping logs (and sometimes even restricting access) is surprisingly easy, but people just don’t want to bother. I currently work on software that is used to manage information, and it is marketed to *help* with HIPAA compliance, but legally we can’t call it “HIPAA Compliant” because the fact is the vast majority of customers will be too lazy to implement the features that would actually put them in compliance.

  8. MissTic says:

    Smart politicians (oxymoron I know!!) and celebrities tend to hide themselves behind layers of others and corporations. It is shocking to see how many prominent people have things listed in their name – we all still put our pants on one leg at a time. But for the most part, they hide with the assistance of business managers and attorneys to avoid things like this. It really doesn’t take much to set up a corporation or trust that keeps your own name hidden or difficult to find.

    I used to work for an airline. They would regularly send out “guess who’s flying with us!” blurbs via the company intranet along with the PNR (passenger name record) so you could look it up.

  9. Rando says:

    This is common sense. Most companies can’t afford to monitor each and every account lookup done by an associate and prove it was legit. It would cost way too much.

  10. ? graffiksguru says:

    “but WE Energies went on the record to assure everyone that they remind employees about privacy protection at least once every single year.”

    REMIND?! gee thanks..

  11. Scuba Steve says:

    Just provide access to those that absolutely need it. Only provide access to things they need. Sure, abuse is possible, but with proper talent screening, things can be kept to a financially safe level of security.

    Big corporations that deal mainly with data have laws, and their customers to make sure that security is one of the highest priorities, if not the highest.

  12. Melt says:

    One easy way to restrict access is to only allow access to a customer record once a client has given the CSR the proper account number and other identifier. So, the person would actually need to be on the phone and rather than simply looking at the screen to verify that the passcode or maiden name was correct, it would require the CSR to enter the passcode/maiden name to actually access the record itself. Therefore, no casual snooping for the front lines. So simple!

  13. loueloui says:

    I have actually been on the other side of this equation. My employer stole my identity to falsely hire someone to work in a different city. Apparently he didn’t have the right credentials, so they just used my name, and information, and called him me.

  14. Pylon83 says:

    There is no practical way to restrict this kind of data from the low-level Customer Service Reps. They have to be able to get into the account, and access address and phone number data in case a service call has to be setup, to verify that they have the right account, etc. You can’t lock all this data down and expect people to be able to do their jobs. “Well sir, I have a Bob Smith here, but since I can’t verify your address or phone number because my company locks the data out, we’ll just assume it’s the right account.” I think it would be safe to say that 99% of the people who look up “celebrity” or prominent individuals data do so simply to satisfy personal curiosity. Companies have employees sign NDA’s and Privacy Policies, that’s about all they can do without restricting the ability to do the job.

  15. chipslave says:

    when I worked at a Wells Fargo call center employees routinely snooped into the checking/savings/cc accounts of famous people.

  16. Larsistron says:

    I’m a medical student and every time I access a patient’s records, its logged with the date, time, and location (e.g. inside or outside the hospital). This is the same system they used to catch the people who inappropriately looked at George Clooney’s medical records when he was in a hospital in New Jersey. While this doesn’t actively prevent the abuse at the time of access, it does provide a solution for accountability and auditing. Why not employ a similar system for all personal data? Or, even better, consider HIPAA-like legislation to prevent abuse of personal identity information.

  17. TBT says:

    When I used to work at a ritzy hotel, we used to look up the GM’s “account” (he lived in the hotel with his wife and young child, all we had to do was put in his room number) almost on a daily basis to laugh about how much porn he was ordering. A LOT. About 6 movies a day. We could tell they were porn because they cost $19.99 instead of the usual $9.

  18. 3drage says:

    Many places, especially where personal information is taken extremely seriously, audit accounts that view other accounts. They have no tolerance for the behavior and it results in instant dismissal from the job in a situation mentioned above. More places should be this careful with personal information.

  19. Ciao_Bambina says:

    Ha! Guess what? It’s just too easy and fun to do this – the temptation is too hard to resist for most folks. Everyone I know who’s had access to private data, including myself, has, in moments of idle boredom, done some benign snooping.

    My company did install some safeguards that made it a lot harder to do, and some pretty severe penalties if you get caught. But if you really want to take the risk, you can still keep track of your ex’s latest peccadilloes.

  20. TechnoDestructo says:

    I propose poetic justice for any employee found abusing private data (either actually using the info for evil, or chronic snooping in data they shouldn’t otherwise be seeing):

    Publish the personal information of those employees. Everything the organization has.

  21. synergy says:

    My brother did this a few times under pressure from my mother while working for AT&T. She used the information to stalk and harass exes. Luckily for the exes, his department was laid-off Jan 2002.

    Yeah. I don’t talk to them anymore. Crazy people.

  22. dugn says:

    Just one more reason I snicker when I call my local phone/DSL provider and they politely ask if they have my permission to access my files. What if I say no? And when I say yes, would that really have stopped you anyway?

    I hate think of a vengeful CSR on the other end of the phone tweaking my account if I give them a hard time…

  23. mac-phisto says:

    @Pylon83: actually, the practical way to restrict the data is to use the data to lock the data. utilizing a system of 3 or more key personal identifiers for database access is relatively simple & would ensure that most reps are not snooping.

  24. rlee says:

    Well, this is just ducky. I just finished (I hope) a protracted battle with TransUnion; they had confused me with someone else apparently because his Wisconsin Electric account had my SSN on it. WE has acknowledged the error, but now I have to wonder whether it was an honest mistake, or whether further trouble lies ahead.

  25. FLConsumer says:

    And this is why I have all of my “legal” mail going to my office, my traceable assets are owned by a holdings company, and I have a separate DID line on the PBX that is my “home phone number” that I give out to companies, banks, etc. It just goes straight to voice mail. Kinda difficult to figure out what ________ LLC is.

  26. gsarnold says:

    There are only two things that can be done to eliminate problems like this:

    1) Devalue the data so having access to it is meaningless. (I.e., credit should be based on your bank relationship, not the abstracted score attached to your SSN. This is how it was done before the deregulation of the ’80s.)

    2) Don’t keep the data in the first place.

    Seriously, does anyone think it is possible to create a system that won’t be vulnerable to some kind of abuse?

  27. mac-phisto says:

    @FLConsumer: not impossible: [www.sunbiz.org]

  28. forgottenpassword says:

    Yeah, I have always wondered what keeps the reps in india (that have access to all my credit card & personal info) from selling it to someone else?

    One thing I hate about utility companies is that they demand as much info on you as possible before they start service. When I moved into my new place I had a couple of utility companies who absolutely REFUSED to start my service if I did not give them my phone number. I didnt have one at the time.

  29. quail says:

    Slightly off target, but this has been going on for ages. When I worked at a college library in the 80’s it was simple to switch the catalog computer system to the ‘sensitive’ student directory. Great way to check if the cute girl actually gave you her number or was giving you the quick brush off.

  30. Pylon83 says:

    But for a typical utility company, or small cable company, such a system presents problems in both complexity and cost. Not to mention the pain in the ass when you call in. I don’t always have my account number when I call in, so that makes it a real difficult if they have to have 3 or 4 layers of data to find me. There is a line between security and convenience, and I’m not sure I personally have a problem with the current setup.

  31. deb35802 says:

    One of my cousins works for the IRS. She told me they do this too.

  32. Greasy Thumb Guzik says:

    Every quarter, the Social Security regional HQ in San Francisco sends out its bulletin that always has at least one idiot employee that looked up the data on a celebrity.
    If you have an actual celeb come in or call, you have to tell your supervisor immediately as SSA HQ in Baltimore has flagged thousands of names of famous people in the system.
    My cousin always forwards me the bulletin from Northern Cal.

    But why risk your job for this, just look it up on Zabasearch!

  33. karmaghost says:

    I used to *gasp!* work for MBNA part-time. Aside from being the worst job I’ve ever had, I was amazed at how easy it was to look up credit card information of celebrities and sports stars. I remember looking up Kobe Bryant’s and Shaqs credit cards (they were both on the same team at the time… I forget which one it was… the Lakers?) and being really interested at their credit information.

  34. magnus150 says:

    Back when I worked for a certain company for a certain university, we’d look up numbers to hot girls, professors, etc. all the time. It was common place really. Right? No. Creepy? Yes. But was it done? Most certainly.

  35. Paulyshoreis.dead says:

    A friend that worked for a big brokerage used to “collect” celebrity portfolio’s. He had some really famous people and would comment on their holdings. That was 8 or 9 years ago and I imagine they fixed that little bug. ahem. Nobody famous had an account with where I worked, lord knows we looked. We only ever found one politician. And it was at a large Canadian firm at that so I guess we should have been looking for famous Canadian not Americans. (joke) After Alanis Morrisete and Alan Thicke, we pretty much came up dry naming famous Canadians. (joke)

  36. TangDrinker says:

    @mac-phisto: Not all secretary of state databases allow access to LLC records. Dun & Bradstreet also does not have this information for LLCs.

    You often can find information on LLCs by searching property ownership records (which are public data- look for the site for tax records of the county you’re interested in – many have this data online). Many times people transfer their property to an LLC for privacy/business reasons only to forget that the property transfer records are often online, too.

  37. sickofthis says:

    I had a friend who worked for AmEx in the early 80s. He told me he had pulled and copied the microfiche with John Lennon’s application.

  38. bluewyvern says:

    I find it pretty distressing how morally void just about everyone seems to be. Evil corporations and their shenanigans are one thing, but what about the legions of lazy, selfish, thieving, mischievous employees with a sense of entitlement and the attitude that “they don’t pay me enough to behave”? Oh, there are a few hard workers, but the bad ones aren’t just a few rotten apples, seems they’re the rank and file.

    So then the corporations have to spend loads of money not only to perform whatever their ostensible function is, but also to control their unruly labor force because it can’t be trusted.

    No amount of consumerist activism will fix this problem, either. Wayward corporations can be brought down or brought into line, but how do you make people good?

  39. redhelix says:

    If I were in charge of any one of these companies, I’d fire the database administrator immediately. Any dumb shmuck can set up a working database, but it takes a professional to set up permissions such that shit exactly like this does not happen.

  40. mac-phisto says:

    @bluewyvern: you reap what you sow.

    when a dog is trained, nurtured & treated as an equal, he is loyal & protect you to his dying breath. when he is browbeaten & berated, held at bay with a stick & never fed to satisfaction, he will fight for you, but the second you stay your stick or turn your back, he will strike you in the heel.

  41. stageright says:

    @redhelix: So how do you set the permissions so that the CSR can look up the account for anyone that calls in, yet can’t look up accounts of people that don’t call in? You *can’t*. Otherwise, things like this wouldn’t happen.

    This was a huge problem at Comcast – you could walk through the center and see people looking up their friends, ex’s, etc all the time.

  42. marzak says:

    I used to be a CSR for SBC/Yahoo working for Convergys. I had access to change most personal information. Granted I would get in trouble, but I could still do it.

  43. disavow says:

    For about seven months I worked for GE Consumer Finance (now GE Money) as a CSR for Gap/Old Navy/Banana Republic. I had access not only to their clients’ credit-card accounts, but also to those of Wal-Mart and Sam’s Club, JC Penney, American Eagle, and like 19 smaller companies. I could even have rehabbed an old account of mine that was charged off some years ago (which I didn’t, for the record).

  44. savvy999 says:

    Since one of the many hats I wear is DBA, there’s absolutely no practical way to track what I look at, every query session, etc. Protocols and safeguards can be put into applications to track 1st and 2nd level access, but for admins like me, forget it. At any given moment I could look up hundreds of thousands of credit cards, bank accounts, SSNs, you name it.

    Companies like WE Energies, just have to trust their employees, and pay/treat their employees well enough so that the motivation just isn’t there to peek around, or commit fraud.

    On a personal level, mining for other people’s info simply isn’t interesting to me, because when it comes down to it 99.999% of people are basically the same. Everybody buys groceries, has credit cards, lives somewhere, drives a car, visits the doctor once in a while, goes on vacation, etc.; nobody, even a celebrity or politician, is that particularly amazing in his or her day-to-day life that it’s worth my time to figure out.

  45. pigeonpenelope says:

    my employer restricts full access to the employee’s private information to just a few–HR, my department, and fraud simply because its really hard to screen thousands of employees and their integrity to that fine of a detail. we can see their information because i work in a department that gives them part of their benefits. they double screen us because we can also see celebrity accounts–something that is fully shielded from almost all employees.

  46. vladthepaler says:

    Attention unility executives! Here’s how you do it:

    Lock all of a customer’s information so that in order for one of your employees to see it, they must enter the customer’s account number and mother’s maiden name (or some other sort of password). This is information which is easily and readily available to customers who call needing service, but which is not as easily available to bored employees who are inclined to browse records at random.

    I suppose a mayor’s mother’s maiden name is easy enough to find, but account number rather less so…

  47. Greasy Thumb Guzik says:

    Not a very bright idea!
    Then a utility CSR has much of what they need to get into your bank accounts!
    I’m not telling any utility company my mother’s maiden name, I don’t even like giving it to a bank.

  48. ShadowArmor says:

    I figured the problem wasn’t so much with the logging itself: if you have to enter your login and password to even see data in the first place, then it can be logged.

    The problem is: who is manning those logs?

    You could set up flags for if a particular record is viewed too many times (which would also be useful for persistent callers). Perhaps you could flag certain accounts as “sensitive” upon signup and a manager could be notified any time these are viewed, but that kind of stuff would be a massive system-wide undertaking to introduce retroactively, as opposed to at the very beginning.

    Even if you put sensitive identifying information behind another check in the system, unless the system knows who is restricted and who isn’t unless its told.

  49. sventurata says:

    I don’t think the moral decline of American citizens is entirely any one company’s fault.

    That said, I love those surveillance systems that audit employee access to customer accounts. Not only do they protect your butt from unwanted scrutiny, they shield MINE from false accusations.

  50. mikey07840 says:

    When I worked for Verizon (landline phone company) in the business office, every time I pulled up a customer record, I needed to notate why I did and what action I took for the customer. Until the account was noted, you couldn’t log off the account. People who looked at accounts without a reason usually got caught. In my seven years, every person who got caught in my office was fired. (Four people.)

  51. SecretChimp says:

    I work for Verizon DSL tech support (yes, we suck. The training is worthless, I’m only good because I’m not missing-teeth idiot with a giant ICP hatchet-man sticker on the back of my Ford Probe or the other excellent caliber of folks they hire) and I looked up Jerry Seinfeld. Unless there’s another Jerry Seinfeld who lives at Central Park West in New York.
    I haven’t done anything with the info, but I still have the screenshot from my work computer I sent myself with 212 and 917 area code phone numbers.