Ponemon Institute chairman Larry Ponemon has come out in defence of Hewlett-Packard's (HP) use of "pretexting" to track confidential information leaks from the board, stating that Sarbanes-Oxley requirements are the root cause of the problem.
Ponemon defended HP's use of pretexting, claiming the burdens of Sarbanes-Oxley on the board mean they have to be "extremely diligent" about locating and finding leaks.
He said such investigative techniques are widespread.
Ponemon admits the company "really stuffed up" by failing to understand the tactics used by private investigators straddling the "unethical practice" of pretexting.
"Everyone believes pretexting has to be an identity fraud or identity crime and is therefore against the law, but in the US there are loopholes and it is not illegal for a private investigator to use pretexting as a tactic," Ponemon said.
"I have been talking to a few private investigators and information security experts, and pretexting is just one of the tools used regularly to find sources of confidential information breaches and Hewlett-Packard was just caught and they have the brand.
"I believe this is very common practice, or at least it used to be, and is a wake-up call for board members that they have to be concerned about privacy. I think the problem is worse than reported and a lot of companies would be caught with their pants down, but HP was the first."
Ponemon added that if the same surveillance technique were used in Australia it would violate the Privacy Act, and said Australian privacy laws are more developed than those in the US.
The use of surveillance methods such as pretexting (a form of social engineering to gain access to another's personal telephone records) is common practice, according to John Bracey, president of the Australian Institute of Private Detectives.
Bracey said private detectives have to support individual privacy concerns, and added that gaining access to what is deemed private, personal information can give a fair trial in court to both parties.
"Asking a private detective not to use such surveillance methods (like pretexting) is like asking a carpenter to put cupboards up without using a hammer, nails, screws or a saw," Bracey said.
"I have not come across cases (like HP's use of pretexting) in Australia, but there are all sorts of things that go on."