Parliamentary and Health Service Ombudsman (PHSO):
This complaint letter is legally protected public disclosure as defined within the UK Public Interest Disclosure Act 1998. If any information presented herein is disparaging to named parties, they are legally and contractually able and obligated to clarify.
The following complaints were submitted to ICO prior to their recommending taking the complaints to the next level to PHSO:
The Information Commissioner’s Office (ICO) mission is to “uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals”. The GDPR seven key principles:
- Lawfulness, fairness and transparency.
- Purpose limitation.
- Data minimisation.
- Storage limitation.
- Integrity and confidentiality (security)
Steven Kalavity’s (SDK) first direct interaction with the ICO was from October – December 2014. SDK has submitted subsequent SARs to PGS Exploration (UK) Limited, 4 The Heights, Weybridge, Surrey, KT13 0NY, England in 2016, 2018, and most recently in 2020 predicated on the contents received through the 2014 SAR. PGS Exploration (UK) Limited is registered with Companies House (02904391) with legal jurisdiction of England and Wales.
SDK has been both disappointed and astonished by the Information Commissioner’s Office (ICO) ability to ensure subject data integrity and data controller compliance to General Data Protection Requirement (GDPR) seven key principles and protect SDKs data subjects rights. ICO fails to exercise even the most basic due diligence of data controller responses and confirm their responsibilities to data subjects. ICO seems to lack robust processes that actually qualify and then validate data controller compliance. Thus, subject data rights can never really be properly protected when dysfunctional processes that allow non-compliance are used by ICO.
SDK is a USA citizen who was sponsored on a Tier 2 visa and allowed to legally work in England with employer/data controller, PGS Exploration (UK) Limited from September 2010 to December 2013. SDK and PGS Exploration (UK) Limited are bound by two contracts, (a) original employment contract and (b) a termination settlement contract both governed by the laws of England. PGS Exploration (UK) Limited continues to defraud SDK, the ICO, UK Visas and Immigration, Border Force and Immigration Enforcement, as well as several global stakeholders within the upstream oil and gas industries.
If the aforementioned contracts are valid, SDK is contractually and legally prohibited from sharing information that disparages PGS Exploration (UK) Limited or any of its affiliates, customers, or contractors. (This includes the recent disclosures to ICO and of course other online publications.) However, PGS Exploration (UK) Limited has never cited a breach of these contracts by SDK. Why not? SDK has published disparaging content about PGS Exploration (UK) Limited since July 2015. However, the content has been legally protected (PIDA) or whistleblowing.
Three (3) data controller’s processed PGS Exploration (UK) Limited SDK personal data in forming the termination settlement contract signed in 2013. PGS Exploration (UK) Limited was represented by Watson Farley and Wiliams and SDK was represented by Landau Zeffertt and Weir (now Landau Law). Agents from these firms have been copied on complaints submitted to ICO (and ActionFraud. Since 2016, SDK has published his belief that he was a mark/victim of a criminal conspiracy and confidence fraud led by PGS Exploration (UK) Limited.
PGS Exploration (UK) Limited, Watson Farley and Wiliams and Landau Zeffertt and Weir (now Landau Law) all have been hostile and fraudulent respondents with regard to queries about the termination settlement contract which they formed. The termination settlement contract contains Confidentiality terms and conditions prohibiting the publication of disparaging content. It should be noted that while PGS Exploration (UK) Limited does not have a subsidiary in Thailand, global legal firm Watson Farley and Williams does have offices in Thailand. Yet, PGS Exploration (UK) Limited used Thai law firm Duensing – Kippen?
However, the real power of settlement contracts is that they make future litigation between parties extremely difficult, absent a breach in the terms and conditions. In any case, litigation is also very expensive, especially for an illegally terminated and blacklisted data subject. This is important because usual civil litigation that data subjects would have available to them to correct data is not available once a settlement contract is signed. PGS Exploration (UK) Limited, Watson Farley and Wiliams and Landau Zeffertt and Weir (now Landau Law) engaged in criminal behavior and conspired to utter forged and defamatory documents to harm the data subject whistleblower, SDK.
SDK first published his belief that Watson Farley and Williams and Landau Zeffertt and Weir were bribed to illegally terminate a whistleblower in 2016. Watson Farley and Williams and Landau Zeffertt and Weir have never commented directly on the PGS Exploration (UK) Limited sponsored litigation against SDK in Thailand. In fact, SDKs position is that PGS Exploration (UK) Limited breached the terms and conditions of the termination settlement contract that contained mutual non-disparagement clauses. The purpose of the termination settlement contract was to obstruct the avenues of legal redress to pursue civil and criminal claims under English law against PGS Exploration (UK) Limited / PGS ASA agents.
PGS Exploration (UK) Limited, Watson Farley and Williams, Landau Zeffertt and Weir, and Duensing – Kippen principals/agents have been copied on emails and could answer many questions. However, they remain hostile and refuse to clarify the most basic queries. SDK believes that PGS Exploration (UK) Limited, Watson Farley and Williams, Landau Zeffertt and Weir, and Duensing – Kippen are intentionally working to avoid resolution by the English justice system. Failure to disclose id a form of fraud:
Fraud Act 2006 Section 3: Fraud by failing to disclose information
18.Section 3 makes it an offence to commit fraud by failing to disclose information to another person where there is a legal duty to disclose the information. A legal duty to disclose information may include duties under oral contracts as well as written contracts. The concept of “legal duty” is explained in the Law Commission’s Report on Fraud, which said at paragraphs 7.28 and 7.29:
The fact that PGS Exploration (UK) Limited does not use the legal system of England as prescribed by contract(s), but instead takes “legal” action against SDK in Thailand citing Thailand criminal code should raise a big flag pointing to some irregularity or impropriety. (It is remarkable that ICO does not see this as highly unusual rather than likely.) SDK has reported to both ICO and ActionFraud that he believes he and his Thai family members are victims of fraud, and extortion/blackmail multiple times. However, such claims of data controller impropriety are not regarded as worthy of serious investigation by either ICO or ActionFraud (police)? It is much too easy for data controller’s, such as PGS Exploration (UK) Limited, to provide material misrepresentations to both the data subject and ICO regarding subject data processing compliance.
ICOs response to data subject, SDKs 2020 SAR:
An organisation has to comply with a condition set out in chapter 5 of the General Data Protection Regulations (GDPR) if it is to transfer personal data overseas.
Article 49 (1) (e) of GDPR provides a condition permitting a data controller to transfer personal data overseas if it is “necessary for the establishment, exercise or defence of legal claims”.
The organisation has confirmed that they relied on this condition to transfer your data.
In your case, the organisation has transferred your data to a legal firm in Thailand to pursue a legal claim against you. As such we consider it likely that the organisation has complied with its data protection obligations in this case
Although we appreciate this will not be the decision you were hoping for, we hope the above information is of assistance to you in clarifying the application of the GDPR in this case.
ICO facilitates pathological deception and data controller criminal cover-up and misrepresentation. The UK Data Protection Act 1998 (DPA) and UK Public Interest Disclosure Act 1998 (PIDA) form the terms and conditions of both contracts between PGS Exploration (UK) Limited and SDK. The only data that PGS Exploration (UK) Limited should legitimately be processing for SDK at any time are records pertaining directly to SDKs legal employment. This especially applies to records created whilst being employed in England from September 2010 to December 2013. These legal records should include personnel records that support the Tier 2 visa work permit legal requirements and also dependent family member application data provided to UK Border..
ICO does not seem to have an understanding of what legal subject data processing is and therefore has no processes in place to detect or validate such processing. ICO must recognize that there are different types of personal data. A data controller must only process personal data that is pertinent to the legal relationship of the data controller and data subject. Data controllers’ legal processing of subject data must be qualified. For example, inaccurate reporting of personal data used to support a Tier 2 visa could warrant criminal penalties for non-compliance and false reporting to other (international) government agencies.
ICO renders decisions based on impressions. Such practices are unreliable and do not protect data subject rights. ICO decisions must be fact-based and supported with evidence/data. ICO cannot and should not understand the details of subject data. However, ICO should understand the base relationship between the data controller and data subject to the extent of making cogent decisions on fair data use. Data controller’s garner no penalty for actively abusing their position and misusing or withholding subject data.
Data controllers have obligations, whereas data subjects have rights. ICO must also understand the dimensions of personal data with regard to its fair use. Data controller records and subject legal records cannot be conflated and allowed to be processed in the same way. What data is processed and why are central aspects of the GDPR principles. While data subject SDK does not believe that ICO (caseworkers), chooses to use poor or dysfunctional processes, doing so actually aids and abets GDPR violators that severely harm data subjects.
Case IC-44927-G3W4 pertains to the PGS Exploration (UK) Limited response to SDKs 2020 SAR which was submitted 15 April 2020:
From: Steven Kalavity <@gmail.com>
Date: Wed, Apr 15, 2020 at 7:20 AM
Subject: GDPR 2020 Subject Access Request
To: GDPR <email@example.com>, John Francas <@pgs.com>
RE; Steven D. Kalavity
I would like to submit a subject access for data that PGS ASA is processing for me, Steven D. Kalavity.
I am especially interested in the legal claims that have been prepared by PGS Exploration (UK) Limited intended for my receipt in Thailand. I have never received these.
I would also like to have the copies of any warrants filed where I am the intended recipient by PGS ASA or its subsidiaries.
I would like PGS to present full copies of any data referenced to prepare these claims.
SDK follow-up 19 April 2020 email for unanswered 15 April 2020 email:
From: Steven Kalavity <@gmail.com>
Date: Mon, Apr 20, 2020 at 3:58 PM
Subject: Fwd: GDPR 2020 Subject Access Request
To: GDPR <firstname.lastname@example.org>, John Francas <@pgs.com>, Lars Mysen <@pgs.com>
PGS GDPR DPO,
I submitted a subject access request 15 April 2020 that has not been acknowledged.
Could PGS ASA please acknowledge?
The 11 November 2018 documents that I signed in Thailand, (1) Plaintiff PGS Exploration (UK) Limited and (2) Plaintiff Carl Richards are not signed by the plaintiffs. Can you please provide a letter with notarized signature confirming the plaintiffs are attached to the document?
Also, could you provide in English the Tippaya Monmanee’s legal qualification in matters of the laws of England? Is she qualified to draft agreements for a company governed by the laws of England? Also, is Tippaya Moonmanee qualified to draft contracts for adjudication in the US Federal Courts of Harris County Texas?
This response from ICO shows a complete lack of understanding of SDKs data protection issues and concerns with .PGS Exploration (UK) Limited. ICO disregards substantive emails sent to them concerning the 2014 SAR, 2016 SAR, 2018 SAR and 2020 SAR processing by PGS Exploration (UK) Limited. ICO states, “As such we consider it likely that the organisation has complied with its data protection obligations in this case.” ICO has absolutely no basis in fact to issue such a ridiculous statement that damages the data subject and protects corrupt data controllers. ICO disregards the GDPR Seven Key Principle. Beyond this, ICO does not consider the data itself that was transferred. UK GDPR states:
The UK GDPR restricts the transfer of personal data to countries outside the UK or to international organisations. These restrictions apply to all transfers, no matter the size of transfer or how often you carry them out.
PGS Exploration (UK) Limited has not been required to provide substantive responses that demonstrate their adherence to any of The Seven GDPR Principles. ICO seems completely clueless in understanding different types of personal data and also does not inquire why a company, PGS Exploration (UK) Limited, governed by the laws of England is using the Thai criminal justice system? ICO Stating “we consider it likely that the organisation has complied with its data protection obligations” demonstrates an abject disregard for the rights of the data subject who claims the ventures into Thailand are a way to avoid the English legal system and blackmail to destroy and de-publish evidence of crimes!
The criminal charges put forth by PGS Exploration (UK) Limited against SDK are for criminal defamation under the laws of Thailand. Firstly, the UK has no criminal defamation law. PGS Exploration (UK) Limited and SDK were bound by contracts governed by the laws of ENGLAND that both contained Confidentiality terms and conditions prohibiting publication of content disparaging PGS Exploration (UK) Limited. (Unless it is protected disclosure as defined within PIDA.) How can one not be in breach of contract for publishing unprotected disparaging content under the laws of England, but be charged with criminal defamation under the laws of Thailand? ICO supporting PGS Exploration (UK) Limited claim that they have “likely” met their obligations for transferring subject data outside the EEA is both ridiculous and unfounded.
There needs to be an ICO process in place similar to the legal workplace grievance process that allows data subjects the ability to appeal the adequacy of data controller responses to SARs. Data controller compliance to the GDPR Principles should always be the primary objective. Even if the concerns of the data subject are deemed ridiculous, data controller’s have the obligation to abide by GDPR principles and therefore must be able to easily demonstrate such compliance. ICO must also understand what legally protected disclosure as defined by PIDA. Data subjects citing data controller non-compliant data processing or their covering-up such activity is whistleblowing. ICO needs to anticipate such reporting.
As previously mentioned, SDK had submitted an SAR to PGS Exploration (UK) Limited (PGS ASA) in 2018. PGS Exploration (UK) Limited is allowed to respond with ambiguity, threats and ultimatums rather than clarify legitimate data subject compliance concerns. The response to SDKs 2020 SAR is absurd and actually more relevant to PGS Exploration (UK) Limited actions proceeding SDKs 2018 SAR. SDK is requesting original English language (prior to translating into Thai language) copies of the “legal notices” that were delivered in Thailand to the residence of relatives while SDK was in the USA, as well as any personal data used in forming the legal notices.
For what possible reason has PGS Exploration (UK) Limited refused this request? PGS Exploration (UK) Limited has not even provided a current status of their Thai claims. SDK has never published content written in the Thai language. PGS Exploration (UK) Limited is translating content (which SDK believes to be legally protected per PIDA) in the English language to the Thai language. Just as legal matters governed by the laws of England are written in English, documentation for use in the Thai legal system is written in the Thai language. SDK is simply requesting copies of the documents intended for his receipt in Thailand to be delivered for his perusal in the USA.
PGS Exploration (UK) Limited also provided multiple misrepresentations to SDK within their response to SDKs 2018 SAR in July 2018 which preceded the initial delivery of two (2) claims in Thailand through legal firm Duensing – Kippen to SDKs residence in Thailand in September 2018. In November 2018, SDK signed two separate agreements under threat of criminal prosecution in Thailand and possible prison terms. SDK had also written multiple emails to ICO from June – December 2018. (ICO Case Reference Number ENQ0754715).
SDK never regarded the Thailand legal proceedings and subsequent agreements as legal and communicated this to PGS Exploration (UK) Limited multiple times. PGS Exploration (UK) Limited has never explained how terms and conditions of both the original employment contract and termination settlement contract governed by the laws of England are not still valid and enforceable? How can agreements sponsored by English company, PGS Exploration (UK) Limited,under the Thai legal system take legal precedence over contracts governed by the laws of England?
A PGS Exploration (UK) Limited company secretary, Carl Richards, had threatened litigation against data subject SDK in April 2018 regarding legally protected (PIDA) publications essentially revealing a criminal conspiracy controlled by PGS Exploration (UK) Limited. Richards, fiduciary agent of PGS Exploration (UK) Limited was threatening litigation against SDK as an individual divorced from PGS Exploration (UK) Limited. SDK published his belief that the threat of litigation was illegal extortion.
Richards never confirmed his identity nor answered questions of his legal agency and fiduciary responsibilities of an acting PGS Exploration (UK) Limited secretary that would allow him to pursue litigation in Thailand as an individual whilst SDK and PGS Exploration (UK) Limited were bound by two contracts prohibiting the publication of anything derogatory to PGS ASA, et al. SDK also received threats from Thai legal firm, Duensing – Kippen, who similarly did not provide requested identification information.
Duensing – Kippen emphasized that they only represented individual Richards and not PGS ASA or its affiliates. Richards resigned as PGS Exploration (UK) Limited 25 May 2018. This inspired SDK to submit another SAR to PGS Exploration (UK) Limited as GDPR was replacing the Data Protection Act 1998 (DPA) and PGS ASA had appointed a Data Protection Officer. PGS Exploration (UK) Limited cited the termination settlement contract and attorney client privilege for not providing any information regarding SDK data processing.
In September 2018, Duensing – Kippen delivered two (2) claims against SDK. One claim was on behalf of PGS Exploration (UK) Limited and the other Carl Richards. Duensing – Kippen misrepresented that they also represented PGS Exploration (UK) Limited. When SDK reviewed the claim, it was noted that the claim had been assembled following the delivery of the 2018 SAR. Therefore, the response which PGS Exploration (UK) Limited was applicable to the 2018 SAR. But, PGS Exploration (UK) Limited had provided misrepresentations to SDK in their response in 2018.
SDK had provided PGS Exploration (UK) Limited and Norwegian parent company, PGS ASA, with copies of his USA passport and USA Texas state driver’s license, as well as SDKs postal mail address in Thailand where he was staying on visa for the explicit purpose of identification for processing an SAR in July 2018. PGS Exploration (UK) Limited used this data for fraudulent purposes without the permission of the data subject. The identification and home address data was then provided this data to a Thailand based legal firm to harass and stalk SDK. PGS Exploration (UK) Limited had no legal reason for processing this data beyond identification verification. These documents (passport and driver’s license) were not relevant, and in fact were different from those provided to PGS Exploration (UK) Limited during the Tier 2 visa application process in both 2010 and 2013.
It is a violation of USA Federal law to copy a USA passport without permission. It is a violation of USA Texas state law to copy a Texas state driver’s license without permission. These copies were provided for subject identification only. PGS Exploration (UK) Limited fraudulently used without the data subject permission USA and USA Texas state legal documents for nefarious purposes beyond the scope of the employer – employee relationship. This illegally obtained personal data was then provided to Thailand legal firm Duensing – Kippen who used passport data and address information to stalk, harass, and extort (blackmail) SDK. These are violations of GDPR principles that should mandate the fair and legal processing of personal data.
PGS ASA / PGS Exploration (UK) Limited also did not acknowledge a 2016 SAR which was sent to PGS ASA compliance which once again claimed and provided evidence of PGS ASA / PGS Exploration (UK) Limited executive fraud, forgery, embezzlement, and bribery. PGS ASA states that they investigated, but the claim is not believed by SDK. PGS Exploration (UK) Limited noted SDKs 2014 SAR. Since July 2015, SDK has published legally protected content online. SDK published his concerns on the LinkedIn PGS comment space. PGS ASA / PGS Exploration (UK) Limited deleted comments and did not invoke a breach in contractual Confidentiality clauses prohibiting publishing derogatory content nor processed the comments as protected disclosure, or whistleblowing
At no point in time has data controller PGS ASA / PGS Exploration (UK) Limited played by the rules, Thus, it is infuriating and intolerable that ICO responds that PGS Exploration (UK) Limited has likely complied with their obligation to data subject SDK. ICO does not even reference the numerous ICO cases and emails sent to them by data subject SDK since 2014! Is it normal for data subjects to send so many complaints about data controllers every two years? When providing responses, ICO must also consider the totality of information which they have been provided with focus on the mission.
The tragic truth of the matter is that the 2016 SAR, 2018 SAR and 2020 SAR were required only because ICO gave PGS Exploration (UK) Limited a free pass on their processing SDK personal data that did not comply with (then) DPA principles. ICO did not protect the rights of the data subject, but provided a shield to criminal abusers who falsified personal data in order to destroy the livelihood and reputation of the data subject, SDK. The only reason that so many legally protected publications were possible is because ICO dropped the ball in 2014 by not demanding that PGS Exploration (UK) Limited abide by DPA Principles.
The UK Data Protection Act 1998 Principles – Subject data must be,
- Fairly and lawfully processed;
- processed only for limited purposes;
- Adequate, relevant and not excessive for the above purposes;
- Accurate and up to date;
- Not kept for longer than is necessary for the above purposes;
- Processed in line with the rights of the data subject;
- Data is kept secure;
- Not transferred to other countries outside the European Enterprise Area (EEA) without adequate protection.
The response received from ICO 9 January 2015 is abject gobbledygook because PGS Exploration (UK) Limited is non-compliant to the DPA first principle: subject data must be fairly and lawfully processed. Nevertheless, ICO ignores the first principle and responds:
Response from the ICO [Ref. RFA0563589]
email@example.com <firstname.lastname@example.org> Fri, Jan 9, 2015 at 3:38 AM
9th January 2015
Case Reference Number RFA0563589
Dear Mr Kalavity
Thank you for your further emails of 19 December 2014, 20 December 2014, 22 December 2014, 23 December 2014, 29 December 2014 and 30 December 2014 about PGS Exploration (UK) Limited.
The Data Protection Act 1998 applies to personal information relating to living individuals. It requires organisations collecting and using personal data to comply with eight rules of information handling. These are called the data protection principles.
Accuracy of data
Finally regarding the accuracy of personal information held about you, as previously advised, we only consider issues of factual inaccuracies and not issues about opinions that may be recorded. In their letter to you dated 22 December 2014 PGS Exploration (UK) Limited advised you that your email to them dated 5 December 2014 had been placed on your personnel file. This means that this has now become part of the information they hold about you expressing your views about what happened.
If you have evidence that they hold information about you is factually inaccurate you may wish to raise this with them. This would not include such matters as your views about opinions expressed about you, or the way in which your grievance was conducted.
First of all, the 22 December 2014 letter written by an accused criminal and non-compliant HR Manager, David Nicholson on behalf PGS Exploration (UK) Limited consists of unqualified misrepresentations and does not answer many of the issues the data subject, SDK, has raised. These allegations were written and submitted within the 20 September 2013 formal grievance which is only referenced within the termination settlement contract. While the letter does reference and state that a 5 December 2014 complaint email will after the fact be processed to make the subject data compliant, ICO cites no problem nor assesses any penalty to PGS Exploration (UK) Limited for processingesg inaccurate and defamatory (forged) documents.
These inaccurate and defamatory (forged) documents supported the termination settlement contract. This means that SDK was terminated from employment illegally using non-compliant personal data. It also means this data was used to terminate his Tier 2 visa illegally. Why does ICO allow this solution and not hold PGS Exploration (UK) Limited for violating DPA principles? A 22 December 2014 email was actually a response to an SDK email sent 20 December 2014. The email contained the (electronic) attachment of the 22 December 2014 letter citing several issues with a 25 October 2013 Memo which is being processed as SDKs personal data.
PGS Exploration (UK) Limited, Watson Farley and Wiliams and Landau Zeffertt and Weir (now Landau Law) also conspired to place the physical health and well-being of SDK and his family at risk through abrogating their legal duty to protect employees from stress at work. PGS Exploration (UK) Limited, Watson Farley and Wiliams and Landau Zeffertt and Weir (now Landau Law) fraudulently withheld an occupational health nurse assessment report from consideration in forming the termination settlement contract. This report is also not being processed as part of SDK personal data. (It was obtained through a separate SAR to the contracted occupational health nurse. PGS Exploration (UK) Limited acknowledges this through the inclusion of the 5 December 2014 email which brings up the matter.
David Nicholson <David.Nicholson@pgs.com> Mon, Dec 22, 2014 at 1:21 AM
To: Steven Kalavity <email@example.com>
Please find attached our response to your constant requests for information which either you are not entitled to or we don’t possess.
Please also note that we are now taking legal advice on this matter as we are of the opinion that we have reacted to all your requests in a fair and reasonable manner and that you are now in breach of your Settlement Agreement which you signed last December.
This letter has also been sent to you through the post.
David Nicholson HR Manager
From: Steven Kalavity [mailto:firstname.lastname@example.org]
Sent: 20 December 2014 04:03
To: Laura Haswell
Cc: David Nicholson
Subject: KALAVITY – SAR – PAR/TB Memo Reference Documents not provided
PGS UK Data Processor/Controller:
In my personnel file there is a Memo written/signed by Terje Bjolseth and Per Arild Reksnes.
First of all, I never received this Memo (to my attention?) until recently when it was sent to me by my SAR / UK DPA 1998.
Note the three referenced documents:
1) Meeting 11 September 2013
2) Your letter of 29 September 2013
3) Meeting 14 October 2013
I have not received these referenced items.
I think this is a reference to the Norway – UK teleconference meeting.
No minutes of this grievance hearing are provided. My witness/co-worker John Barnard attended (to verify what was said/discussed). He is not copied on these minutes. Simon Cather and David Nicholson did not attend this meeting.
Your letter? I do not know what letter is being referenced. Perhaps a letter from DN/SC? I have not been provided with this document.
I do not know anything about this meeting. It was not with me. I have not been provided with minutes of this meeting.
The point is, information has been referenced and processed but has not been provided to me through my SAR request.
Within the 9 January 2015, ICO again does not protect subject data rights, but instead shields data controller PGS Exploration (UK) Limited from addressing concerns responsibly. ICO essentially allows PGS Exploration (UK) Limited to “correct” subject data with no penalty whatsoever! ICO does not require that PGS Exploration (UK) Limited state why amending SDKs personal data is either necessary or compliant? ICO did not even make the most basic inquiries to protect the data subject.. Why is it acceptable or necessary to alter SDK personal data by the inclusion of one of the complaint emails dated 5 December 2014? The 5 December 2014 email is requesting that PGS Exploration (UK) Limited remove inaccurate and defamatory (forged) documents from SDKs official personnel records!
PGS Exploration (UK) Limited has acknowledged that they have been in violation of DPA/GDPR principles through their permitting this alteration of SDK personal data. ICO apparently does not even recognize this and obviously is not penalizing the data controller in any way. Why would PGS Exploration (UK) Limited amend personal data months following the termination settlement agreement? It is because PGS Exploration (UK) Limited processed the termination settlement contract using fake – forged and defamatory – personal data. This is fraud. PGS Exploration (UK) Limited would not agree to or should be allowed to amend SDKs personal data with inaccurate and non-compliant content.
ICO should not need to know this, but PGS Exploration (UK) Limited, Watson Farley and Williams, and Landau Zeffertt and Weir (Landau Law) had promised that SDK personal data was accurate the day before the termination settlement contract was signed. PGS Exploration (UK) Limited, Watson Farley and Williams, and Landau Zeffertt and Weir (Landau Law) denied multiple requests by data subject, SDK, to inspect his personal data whilst negotiations were going on. (SDK now knows why.) However, ICO should know that documents that have no subject signature would not be considered legal or useful a court of law. Within the 5 December 2014 complaint email to PGS Exploration (UK) Limited, SDK requested the removal of non-compliant (to DPA principles) and illegal personal data.
The 5 December 2014 complaint email to PGS Exploration (UK) Limited:
Data Protection Act 1998 – SAR – comments / requested changes
Steven Kalavity <@gmail.com> Fri, Dec 5, 2014 at 7:16 AM
To: Laura Haswell <Laura.Haswell@pgs.com>
Cc: David Nicholson <@pgs.com>
PGS UK Data Controller,
Please confirm receipt of this email.
The forty day period for compliance of my Subject Access Request (SAR) has now passed. I do not believe that there has been complete compliance, but I will defer to ICO guidance on how to proceed.
I have not received information regarding who directly has processed my personal data, who has had access to the different personal data stored, who has been provided with my personal data, or for what reasons.
I applied for different roles while within PGS, especially during the time I was with Marine Contract – Africa. Please provide me with discussions/outcomes from these applications.
I printed four copies of my grievance to present personally during the scheduled meeting. I distributed the hard copies them to the meeting attendees: John Barnard (my witness), David Nicholson, and Eddy Von Abendorff. I also e-mailed copies to Simon Cather, Per Arild Reksnes, and John Greenway.
The grievance was principally in regard to the unfair and inaccurate processing of my personal data. I believe that the Data Protection Act 1998 was violated when PGS did not allow correction of this data and continued to publish and disseminate the incorrect information.
During settlement discussions I requested disputed information removed and PGS UK refused this request.
PGS UK has provided only a select number of communications from limited data processors and not undeleted or recovered from back-up other electronic mails and records.
Hardcopy records (i.e., date books, other) have not been provided or mentioned.
Further, the Settle Agreement, Clause 9.7 establishes that PGS will endeavor not to publish any disparaging or harmful information about me.
I have communicated with ICO for guidance on how to proceed.
Even though the disputed information was brought to PGS UK attention over a year ago through my grievance, ICO allows data controllers to address and correct (remove) inaccurate information.
Since I do not believe that I have received all my personal data that PGS UK holds, I will address the information in my personnel file.
For clarity, can PGS UK please confirm the order of the documents provided to me in two (2) packages as to how the information is presented and who has access to which portions?
With regard to the HRIS copy, can you please provide time-tagged copies (2 month interval) of the file to confirm how and when changes were made?
I am following the order provided to which the data was provided to me. Please address these changes within 28 days.
Please address why this data was retained and created.
File Section 1:
Need to add eligible for rehire (as written in your recent e-mail).
Memo dated 25-October-2013 – Conclusions from Grievance Hearing should be removed from the file.
- This document was never presented to me, yet it is referenced to my attention.
- No signature or acknowledgement/agreement from me regarding content.
- PGS offered me the settlement to STOP the grievance process (prior to this meeting, in fact).
- Also, my solicitor, which I was prompted to engage after you made the offer, indicated PGS would prefer the settlement to proceed with the grievance so they WOULD NOT have to respond.
- The grievance process was not CONCLUDED – it was just not continued due to PGS UK’s offer of a settlement agreement.
- The minutes and record from this meeting are not sufficient given the gravity of the issue to the data subject. Many important and substantive points are missing.
- More likely, I would have not accepted a PIP and would have appealed this conclusion and gone to tribunal, per ACAS provisions.
- There is no presentation of evidence to indicate a thorough analysis.
- There is no presentation of data that counter any of my issues brought-up within my grievance.
- It accepts and amplifies the malicious and defamatory statements that are backed by no substantive evidence.
- This is not accurate nor fair and violates DPA provisions.
- This also is not in accordance with the terms of the settlement agreement prohibiting publication of disparaging remarks.
Omitted: My grievance document that challenges allegations with supporting evidence. (Omitted okay as long as with the other documents that inspired it.) The document provided does not include the pages of evidence that support my disagreement. Why is not the complete document provided?
- Also, I remember a yellow-highlighted copy of my grievance being reference when the settlement was offered. Is this the document copied?
- I provided hard copies to you, Eddy and John. Where are they?
Letter to me 24 July 2013 – Investigation for Possible Implementation of Performance Improvement Plan – Should be removed
- This letter was provided to me after HR refusal to present me with minutes of an “informal meeting” where these allegations were first made.
- This letter without my response (grievance) included suggests some sort of agreement or concession of these claims. My file contains no meetings or emails that corroborate any of these statements. In fact, these statements are both malicious and defamatory.
- This is not accurate nor fair and violates DPA provisions.
- This is also not in accordance to the terms of the settlement agreement prohibiting the publication of disparaging remarks.
Meeting 13-June-2013 summary – Should be removed
- This was an informal meeting.
- I was called to the meeting with no warning or time to prepare.
- This meeting did not follow PGS policy or procedures.
- I asked for clarification about how this meeting conformed with PGS policy and was refused.
- I was also refused minutes of the meeting to contest. Instead, I was provided a letter which prompted my response. Yes, I did believe the minutes needed to be written so that I could have the opportunity to contest the (unsupported) allegations.
- I do not agree with these minutes and believe they conflate meetings and correspondence which occurred between the meeting and my grievance.
- Allegations are not supported by any documentation. In a fair and accurate process, these allegations should have been substantiated:
- Workload distribution is not an opinion and can be quantified. I included this in my grievance. It was never provided in the meeting.
- Responsible and fair HR Management should have verified and clarified claims made as fact.
- Commercial acumen was never defined and purely a (malicious) unqualified opinion.
- Meeting and instruction were cited, but not supported by written records. In fact, they never happened.
- The GAP analysis meeting(s) mentioned with Manager are not corroborated by notes or details, and in fact never happened. Responsible and fair HR Management should have confirmed this.
- PIP was never discussed during meeting, move to another work assignment was mentioned.
- Quality of work – no record of meetings or specific instances. In fact, there seems to be no reduction in work given to me as mentioned in grievance.
- Workload distribution is not an opinion and can be corroborated with evidence. It never was. Responsible and fair HR Management should have confirmed and clarified this. Workload distribution evidence was included within my grievance/reply.
- I was not provided an impartial witness during the meeting to corroborate the minutes.
- I do not agree with many of the contents of this letter.
- My Grievance documents go into detail about the many disagreements.
- This is not accurate nor fair and violates DPA provisions.
- This is also not in accordance to the terms of the settlement agreement prohibiting the publication of disparaging remarks/information.
- Why was there no validation by HR (UK/Norway) of the contested statements made as fact and to my personal detriment?
- I believe that this is a violation of the DPA.
- The documents inclusion into my personal personnel record is prejudicial and disparaging and violates the terms of the settlement agreement, as well.
GAP Analysis – Should be removed. Note, I asked for its removal during settlement talks and was refused.
- No supporting documentation to give meaning and context.
- The Gap Analysis is not supported by any tangible data.
- It mostly indicates disagreement, but no basis of disagreement (what was measured?)
- No supporting documentation that indicates any effort to resolve the Gap.
- The denial to provide how the Gap is defined or can be filled makes this document irrelevant.
- EvA references meeting, but no evidence is provided to substantiate.
- This is not accurate nor fair and violates DPA provisions.
- This is also not in accordance to the terms of the settlement agreement prohibiting the publication of disparaging remarks.
- Omissions – Supporting documentation
There is no record of meetings, advice, or elaboration about my deficiencies referenced in the meeting. Did the meeting ever happen? Did you confirm, if so why isn’t there supporting documentation?
Documents about my temporary living, and trip to England, etc. can be removed because the information is dated not really useful or relevant to my professional file
Tax reference info if needed. Most all else can be removed as no longer valid. (i.e., passport copies)
Omission – Email from Maggie Bream regarding my health check following my 5-day absence.
Replace with current CV. I have provided several updated versions for internal vacancies.
Steven D. Kalavity
Steven Kalavity’s first direct interaction with the ICO was from October – December 2014. SDK has submitted subsequent SARs to PGS Exploration (UK) Limited, 4 The Heights, Weybridge, Surrey, KT13 0NY, England in 2016, 2018, and most recently in 2020 predicated on the contents received through the 2014 SAR, Since 2014, ICO had been unsuccessful in their mission to protect the data rights of subject SDK. ICO failure has allowed PGS Exploration (UK) Limited (Watson Farley and Williams, Landau Zeffertt and Weir / Landau Law, Duensing – Kippen) to process defamatory forged documents that violate every DPA / GDPR principles.
SDK does not believe that there is an individual ICO caseworker or ICO in general has a personal vendetta against the data subject. However, there is something systemic within the processes and procedures that data controllers PGS Exploration (UK) Limited, Watson Farley and Williams, and Landau Zeffrtt and Weir (Landau Law) to utter forged and illegal documents as SDK personal data over the course of several years without reprisal. There may be other victims of data controller tyranny. SDK is not the only person who is damaged by dysfunctional systems that violate personal human rights. PGS Exploration (UK) Limited processed fake data to preserve a dangerous mythology intended to deceive investors, customers and competitors.
The upstream oil and gas industry pays a premium for companies that operate safely. However, the Deep Water Horizon disaster demonstrated how catastrophes manifest within climates of fear where whistleblowers remain silent due to the threat of reprisal. Further, being the target of workplace gang-bullying and mobbing, a brutal tactic often used by corrupt organizations to oust whistleblowers, is no picnic. SDK would not wish it upon anyone. What PGS Exploration (UK) Limited has done to whistleblower SDK is take away his ability to fight back.
PGS Exploration (UK) Limited denied SDK his ability to defend himself. PGS Exploration (UK) Limited breached SDKs contract and obstructed his ability to raise a grievance. PGS Exploration (UK) Limited engaged in mobster tactics and worked to destroy his reputation through producing defamatory performance reports. However, this meant PGS Exploration (UK) Limited had to defraud UK Visas and Immigration, Border Force and Immigration Enforcement. PGS Exploration (UK) Limited could not legally employ a poor performing foreign worker and displace an able UK-EEA resident worker. When SDK did finally submit his grievance, PGS Exploration (UK) Limited once again breached his employment contract by proffering a termination settlement contract and not follow-through the legally mandated grievance procedures.
In desperation, SDK sought “legal” advice from solicitor Philip Landau. When SDK received the contents of his personnel file through the 2014 SAR and discovered forged and defamatory documents being processed he knew he was the victim of something terrible. Landau Zeffert and Weir (Landau) law betrayed SDK. Landau received truthful information from his client, but processed PGS Exploration (UK) Limited lies. Watson Farley and Williams processed one set of data for UK Visas and Immigration, Border Force and Immigration Enforcement and another set of SDK personal data to support the illegal termination settlement contract.
Every penny spent on this confidence fraud game is money stolen from PGS ASA shareholders. This robbery should have been halted years ago. It only required that ICO employed robust processes that legally validate data controller compliance to DPA/GDPR principles rather than assuming that corrupt narcissistic data controllers are “likely” telling the truth. SDK is 100% certain that the personal data PGS Exploration (UK) Limited is not legal and violates DPA / GDPR principles. PGS Exploration (UK) Limited even acknowledges this through their amending SDK personal data by the inclusion of the 5 December 2014 complaint email!
PGS Exploration (UK) Limited has no legal business nor reason for transferring SDK personal data to a law firm in Thailand. PGS Exploration (UK) Limited litigation in Thailand is predicated on the fact that SDK was coerced to sign two compromise agreements in Thailand. One agreement was on behalf of Carl RIchards and the other on behalf of the PGS Exploration (UK) Limited directors: Rune Olav Pedersen, Gottfred Langseth, Christin Steen-Nilsen The agreements were signed under threat of criminal prosecution under Thai law with prison terms of 2-5 years each.
PGS Exploration (UK) Limited, Watson Farley and Wiliams and Landau Zeffertt and Weir (now Landau Law) refuse to clarify the legal status of the two contracts governed by the laws of England which contain Confidentiality terms and conditions prohibiting publication of content that disparages PGS ASA, except for legally protected (PIDA) content. The agreements signed in Thailand are for the sole purpose of silencing legally protected disclosure. Such agreements are illegal under Norwegian law and unenforceable under the laws of England (PIDA).
Content referenced within the original two claims was published on nopgs.com, which was stolen with all evidence destroyed whilst legal discussion was ongoing with SDK in Thailand. Additional charges were made against SDK in Thailand when he once again exercised his legal right under the laws of England to legally disclose. Retaliation against whistleblowers is illegal (PIDA), but continues because of the inaction of ICO and ActionFraud. ICO and ActionFraud are implored to thoroughly investigate. But, data subject rights are not protected from guesses by ignorant ICO caseworkers.