On January 23, 2006, CNET News.com quoted an anonymous source describing strategic plans made at a meeting of HP’s board of directors. Because the meeting was held behind closed doors and with a history of similar media leaks occurring for about a year, HP’s chairperson, Patricia Dunn, had enough. Frustrated, she wanted to get to the bottom of this and root out the mole before serious damage could be done. Although one can hardly blame Dunn for wanting to protect the interests of her company, her tactics may be considered questionable, at best.
Dunn was so angry that she authorized a private investigation firm to uncover the source of the leaks. But the firm she hired to conduct the probe, the data-brokering company Action Research Group, went a bit too far. Using a practice known as pretexting, the investigators obtained the telephone records of more than a dozen people—reporters, HP board members, and employees—by pretending to be them (i.e., contacting the telephone company under false pretexts). Believing that the practice already had been going on and that it seemed an appropriate means to expose the individuals who leaked vital information about the company, it went on with Dunn’s full consent and knowledge for about a year.
There was only one problem with the plan: It was illegal. Almost a year to the day that the CNET story broke, a California Superior Court found that HP willingly and knowingly accessed telephone account information without the account holder’s permission and that it violated an identity theft statute by obtaining personally identifying information and then using it for unlawful purposes. A settlement was agreed upon in which HP admitted no liability and no civil actions would be pursued against company officers. In exchange, HP’s attorneys agreed to take steps that would help ensure the company’s ethical behavior in the future. Specifically, for five years, HP was required:
(1) to appoint a chief ethics and compliance officer, (2) to retain an expert in the field of investigations to assist this individual in conducting proper investigations, (3) to expand the role of the company’s chief privacy officer to review HP’s investigation practices, and (4) to expand the codes of conduct followed by the company’s employees and vendors so that they covered appropriate investigation procedures.
To insure that these practices were followed, HP was required to set aside $13.5 million (in addition to paying $1 million in statutory damages and reimbursement of costs borne by the California Attorney General’s office). Unlike Enron, whose officials took steps to hide their guilt, Dunn cooperated fully with authorities although, of course, she stepped down as chairperson. Dunn explained that she was never aware that the tactics used in the probe were illegal, and regretted the use of “inappropriate techniques.” Eager to put this distasteful chapter behind it, Dunn’s replacement, HP chairman Mark Hurd, explained that he is “committed to ensuring that HP regains its standing as a global leader in corporate ethics and responsibility.”

Questions for Discussion

1. What legal and ethical actions might Dunn have taken to prevent further leaks of sensitive information?
2. Of the four things that HP was required to do, which one do you believe will be most effective in avoiding future unethical behavior in the company? Why?
3. What aspects of the business environment might have put subtle pressures on Dunn to respond as she did?