It appears that this article leaves lots of wiggle-room for HP to get out of the whole pretexting debacle. Why? There is no law in California preventing the use of pretexting. Sure they have privacy laws but they may not apply here. There are eleven states that have passed laws specifically aimed at telephone record pretexting. California (the state where Hewlett Packard conducted its investigation) is, however, not one of them. California Senate Bill 202, which would make it a crime to procure, purchase or sell, without the consent of the subscriber, a telephone calling record, was sent to Governor Schwarzenegger on September 12 for his signature.

What I find surprising is California is infamous for its focus on consumer privacy and the state’s SB 1386 law which was passed in the fall of 2003 says if you have customers in California or are based in that state, and you have a computer security breach where confidential and personal customer information is accessed, and this information isn’t already readily available on the Internet, you must notify customers that their data were compromised.

So why does California have a law like this but nothing that outlaws pretexting? It seems like SB 1386 and pretexting are almost the same thing and from the consumer standpoint, stolen personal data is stolen personal data. It doesn’t matter that a fancy word like pretexting was used or not.

I get the feeling California will come up with some new privacy law that includes pretexting and the rest of the states will follow. This case may be high-profile enough to get the federal government to act. It will be interesting to see how this plays out.