Subject: Information Commissioner’s Office (ICO) – New Case Reference Number ENQ*****15
Dear ICO Caseworker,
I have recently submitted a personal data request to my former employer, PGS Exploration (UK) Limited, 4 The Heights, Brooklands, KT13 0NY [PGSUK], citing the new GDPR guidelines. PGSUK is an affiliate of Norway based company, Petroleum Geo-Services ASA (PGS). I have received responses from PGSUK Francas and PGS Bjerke that my data request processing has begun. However, they stated a need to extend the 30-day completion time to 90-days. I have not had a positive experience in dealing with this matter in the past, as ICO is aware from referencing the case number. Therefore, I am writing to ICO and copying those overseeing my data request in the spirit of transparency. In October 2014, I submitted a subject access request (SAR) to PGSUK citing the Data Protection Act 1998 (DPA). I also submitted data request to PGS, citing Norwegian data protection provisions. I was told, at the time, that all of my personal data was being processed through PGSUK.
I have never been satisfied with the outcome of my SAR to PGSUK. For one thing, the circumstances around my termination from employment with PGSUK make it very unlikely that my personal data was not officially processed by Norwegian based PGS executives compliant in their duties. The directors of PGSUK are also key PGS executives. Nevertheless, in late 2014, I purportedly received copies of all my personal data that PGSUK was processing. What I did notice immediately was that several of the firm documents being processed within my PGSUK professional personnel file were not accurate legal documents. I requested that these documents be removed from my personnel file. I had also requested that ICO investigate. 24-Aug-2015, I submitted a report to UK ActionFraud (police) also relating my concerns. Another updated PGS Exploration UK Limited ActionFraud Report (20-Nov-2016) has been submitted. More recently, in 2017, I also raised these concerns with the UK Serious Fraud Office when it became clear to me that PGS/PGSUK were not forthcoming in the data that they delivered to me in 2014, and that many other people must have been involved with my personal data processing.
I was employed by PGSUK from 26-Sep-2010 through 31-Dec-2013. I am a USA citizen and PGSUK sponsored my Tier 2 visa, along with my dependents. My Tier 2 visa, shortage occupation list (SOL), was renewed by PGSUK 15-Jul-2013. My employment with PGSUK was terminated through a settlement contract agreement (SCA). Separation by an SCA requires that employees engage a legal adviser. SCAs are often used to terminate employees for redundancy or professional performance. The SCA proffered to me was in response to a formal workplace grievance which I had submitted. However, there are legally guaranteed steps that employers need to follow when an employee submits a formal workplace grievance. PGSUK bypassed these steps, and my legal adviser allowed PGSUK to do it. The SCA should have never been proffered to me by PGSUK before completing these steps. Of course, this would have been a much different SCA with more favorable terms for the data subject. Initially, I had thought that the defamatory personal data being processed in my PGSUK personnel folder was retaliation for submitting a grievance. However, I now believe that I was, more likely, the target of a confidence fraud. Defamatory personal data was processed by three different data controllers for the SCA. Further, it seems that the defamatory personal data was actually created to show that the legal steps for grievance were followed. The defamatory personal data also support an SCA used to terminate my employment on the basis of professional performance. The objective of all of this was to make an illegal termination appear legal, and thus protect PGSUK officers and executives from liability. It was also a backdoor way of professionally blacklisting me through stating the basis for the SCA was performance. Of course, I did not know this was happening in 2014, because it was presumed the SCA was to stop the grievance process. This is what I have concluded over the months and years of trying to replace this defamatory personal data with legal, true, and accurate data, as the laws require.
Firstly, I cannot conceive that my Tier 2 visa would have been approved if the UK Border Agency had been provided with the data which PGSUK processed for my SCA termination. The amount of personal data required in the application process is substantial. I was personally involved in completing the applications and had never seen the personal data within my personnel file during the application process. In fact, I had never seen it before receiving the contents from my PGSUK SAR. Beyond this, the entire Tier 2 application process was guided by the same legal firm that was employed to process and finalize the SCA on behalf of PGSUK. The formal grievance which I submitted on 20-Sep-2013 implicated my boss (first line supervisor), his boss, and the PGSUK Human Resources (HR) manager. My claim was that I was being gang-bullied and harassed (nationality). Some of the bullying involved the creation and dissemination of defamatory personal data. This personal data was being created and promulgated to harm me professionally. The grievance challenged this unsubstantiated and defamatory narrative. The grievance claimed breaches in PGSUK policy and also employment and contract law, including the Equality Act 2006, Duty of Care, and Duty of Mutual Trust and Confidence, misuse of the PGSUK performance management system, and the abuse of position. My personal data was withheld from me, so as not to allow any correction or changes. It seems that PGSUK data processors were also in violation of DPA when I was not permitted to view and comment on my personal data. I now see my grievance as whistleblowing. Beyond this, there were health-harming effects caused by the toxic workplace conditions.
Without any investigation from either ICO or ActionFraud, I decided to go public with my concerns regarding PGSUK data protection processing practices. I also communicated with solicitors, but the binding SCA was a barrier to further any action with respect to DPA violations. On 3-Jul-2015, I published An American, the UK Data Protection Act, Petroleum Geo-Services (PGS) and the Tyranny of “Accurate Data” (3-Jul-2015) on LinkedIn™ Pulse. This was my first blog post article where I named PGSUK agents and publically rebuked the defamatory false narrative that PGSUK was processing within my professional personnel file. I now have published over thirty (30) online blog articles. On 20-Sep-2015, I published Petroleum Geo-Services (PGS) CEO Jon Erik Reinhardsen Should Resign 2 (20-Sep-2015), where I showed e-mail evidence proving that the data PGSUK was processing was inaccurate. No executive from PGS/PGSUK contacted me over these publications. The final SCA had a mutual non-disparagement clause and my writing these blog post articles would have been in breach of the SCA terms. Of course, this would only be the case if the SCA were actually legal and valid. It now seems that this is unlikely the case. In May 2016, I submitted a report to the PGS Compliance Hotline, from where I eventually received a terse and implausible (ridiculous) response. PGS Compliance stated that they had “investigated”, but provided no substantive evidence of such an investigation. I knew there had been no credible investigation. In late May 2016, The Petroleum Geo-Services (PGS) Ambush Meeting and the Definition of Fraud (24-May-2016), was published. Again, e-mail evidence is provided showing that the personal data that PGSUK is processing in my name is fake and inaccurate.
I had requested that PGS Compliance authenticate the personal data they were processing under my name. I also wrote interrogatories within the public comment sections of PGS LinkedIn™ posts, which led to complaints and my eventual restriction from LinkedIn™. PGS/PGSUK has never responded in a thoughtful and responsible way to my complaints. PGS/PGSUK compliance refuse to validate that the personal data being processed in my name is legal and accurate. Isn’t this an admission that the personal data being processed in my name is not legal and accurate? I engaged the firm Landau, Zeffertt, and Weir Solicitors (LZW) to advise me on the SCA. LZW has no explanation as to how this happened? More recently, I published The Crimes of @PhilipLandau #London #EmploymentLaw #Solicitor and Petroleum Geo-Services #PGS #CEO #Pedersen (30-Dec-2017), where I show e-mail communications between myself and my legal advisor. The personal data which I provided to my legal adviser does not correlate with the contents being processed within my PGSUK professional personnel file. (I had always known this fact before publishing it.) I had actually informed my legal adviser that I had submitted an SAR to PGSUK back in 2014. However, by 2016 it seemed clear that there had to have been collaboration between my legal advisor, PGSUK, and the law firm who processed the final SCA on behalf of PGSUK. I published My Philip Landau and Watson, Farley & Williams (WFW) London Solicitors Testimonial (8-Nov-2016), after submitting an SAR to PGSUK’s SCA legal adviser, Watson, Farley, and Williams (WFW). WFW only provided me with a copy of the SCA and my original employment contract. In other words, WFW is stating that they never referenced the data allowing me to be employed within the UK legally when they advised on the SCA to terminate my employment.
The main problem is that the PGS executives who approved the processing the SCA are also the Compliance Officers. These were the same executives who received the SAR in 2014. The data processor mostly involved in processing the SAR contents in 2014 was accused in the grievance as essentially being a bully, a liar, and a cheater! However, there were many more involved in the scam. I even posted, Open Letter to Petroleum Geo-Services ASA Board of Directors (18-Jun-2017). There is never a response, and so this is why there has been no resolution. I received a threatening letter on 22-Dec-2014 from the fore mentioned bully, liar, and cheater, demanding that I cease my questioning the bogus contents of my PGSUK personnel file. Within this letter, he also “clarified” who had been involved in processing the bogus data. I believe this is a short list, because it makes no sense given my conditions of employment and way in which that employment was terminated. The HR personal data processors, if competent, should have easily recognized the problems with the contents of my PGSUK professional personnel file. But, the question which I ask to all of them now is, how did this data processing comply with PGSUK official guidelines? Personal data cannot be legal and compliant if the processes which create it are neither. Therefore, many HR personal data processors were actively involved in processing non-compliant / illegal personal data, and they knew it. One of the HR data processors was stationed in Houston, Texas. The fore mentioned bully, liar, and cheater states that although this HR person was stationed long-term in Houston, Texas USA, he in fact was a PGSUK HR data processor. DPA restricts what personal data can be transferred to the USA. Regardless, the data processed is bogus. Why won’t PGSUK confirm the agency of the USA based employee?
In 2016, I submitted another SAR to PGSUK, but again, PGSUK did not respond. PGS/PGSUK remained resolute in not correcting the knowingly defamatory personal data being processed. By this time, I had made public my disagreement with PGS/PGSUK personal data processing. There were no internal discussions about my personal data processing? Nobody has been representing the interests of the data subject, a foreign worker, because the data subject was the mark in a confidence fraud scam perpetrated by three different data controllers whose personal data processors conspired to process fake data intended to harm me personally and professionally. Perhaps, it was beyond their collective imaginations that I would submit an SAR. They certainly could not have predicted my online blog campaign focused on correcting my personal data. Nobody, except the personal data subject, is interested in solving the problem. But, the true and accurate data tells a completely different story than the fake data that is being processed now in my name. It matters most to the defamed and defrauded data subject. I have made several different requests to PGS/PGSUK, WFW, and LZW data processors to confirm the personal data used in forming the SCA and then to authenticate – prove the legality – of this personal data. None of them have responded to my simple request. The reason for the collective refusal of data controllers to correct my personal data is they have all been in violation of DPA/GDPR provisions since the fake data was created, and they have continued to process this fake data. The collective refusal of data controllers to authenticate my personal data is an admission that the data being processed in my name is not legal data. What more does ICO need in order to act on behalf of a damaged data subject?
Steven D. Kalavity