A landlord snooped on tenants to find out information about their finances. A woman repeatedly accessed her ex-boyfriend's account after a difficult breakup. Another obtained her child's father's address so she could serve him court papers.
All worked for Wisconsin's largest utility, where employees routinely accessed confidential information about acquaintances, local celebrities and others from its massive customer database.
Documents obtained by The Associated Press in an employment case involving Milwaukee-based WE Energies shine a light on a common practice in the utilities, telecommunications and accounting industries, privacy experts say.
Vast computer databases give curious employees the ability to look up sensitive information on people with the click of a mouse. The WE Energies database includes credit and banking information, payment histories, Social Security numbers, addresses, phone numbers, and energy usage. In some cases, it even includes income and medical information.
Experts say some companies do little to stop such abuses even though they could lead to identity theft, stalking and other privacy invasions. And companies that uncover violations can keep them quiet because in many cases it is not illegal to snoop, only to use the data for crimes.
"The vast majority of companies are doing very little to stop this widespread practice of snooping," said Larry Ponemon, a privacy expert who founded The Ponemon Institute, a Traverse City, Mich.-based think tank.
Jim Owen, spokesman for the Edison Electric Institute, a lobbying association that represents utilities, disputed suggestions the problem was common in the industry.
"I am not aware of any other situation that has arisen in the utility sector," he said.
Companies generally avoid talking about snooping or any measures they've taken to prevent it.
Scott Reigstad, a spokesman for Madison, Wis.-based Alliant Energy, which has one million electric and 420,000 natural gas customers in Iowa, Wisconsin and Minnesota, said his company has safeguards in place to stop misuse but does not discuss them publicly.
"We haven't had any issues that we're aware of," he said.
Jay Foley, executive director of the Identity Theft Resources Center, said state regulators and lawmakers must step in if companies are not guarding their customer information responsibly.
"Something needs to be done at the state level to make sure this is illegal," he said.
He said more companies have to start using software that can track each customer account that employees access.
WE Energies says it has taken numerous steps to stop the problem but even so detecting misuse can be difficult. That's because it is hard to discern the legitimate access of customer information from employees looking for curiosity.
"People were looking at an incredible number of accounts," Joan Shafer, WE Energies' vice president of customer service, said during a sworn deposition last year. "Politicians, community leaders, board members, officers, family, friends. All over the place."
Her testimony came in a legal case involving an employee who was fired in 2006 for repeatedly accessing information about her ex-boyfriend and another friend. An arbitrator in November upheld the woman's firing. The AP reviewed testimony and documents made public as part of the case.