Spying at Wal-Mart: Human nature run amuck?

07.03.2007

Based on the stories I read, this seems to have two components: 1) monitoring and recording of phone calls between Wal-Mart's PR department and a New York Times reporter; and 2) intercepting message traffic from portable devices.

In my estimation, the initial monitoring of PR calls seems very targeted -- so that may very well have been part of an official internal investigation (though it may or may not have been authorized appropriately). Indiscriminate monitoring of wireless traffic for both employees and non-employees, however, seems to be clearly out of bounds. This is probably the result of the "systems technician" being overzealous.

I believe that what we are seeing here is symptomatic of a larger issue facing the security and privacy community. Let's face it, the cloak-and-dagger aspect of penetration testing and investigation has a certain appeal to it. These jobs attract naturally curious and creative individuals who enjoy the thrill of the hunt and the challenges associated with solving complex problems -- the very essence of the original use of the word 'hacker.' But without proper and strict oversight, the employees engaged in these activities can easily give in to natural human curiosity and step over the line of acceptable and authorized behavior.

How could this have been prevented?

The old axiom "who will watch the watchers?" is valid and applicable here. What seems to have been missing is a system of checks and balances; in short, oversight.