Second Open Letter to the Parliamentary and Health Service Ombudsman

Unlike in unfair dismissal, there is no ceiling on the amount of compensation a tribunal can award for race discrimination. Compensation normally includes an award for injury to feelings and an award to take into account any loss suffered, for example loss of wages or pension. The awards for injury to feelings can vary, however many thousands of pounds is not uncommon.

Race discrimination – Landau Law

Employers and their legal advisers should not be complicit in using NDAs to cover up allegations of unlawful acts.

UK told to end abuse of ‘gag orders’ in harassment and discrimination cases

This is a second follow-up letter to the 23 February 2021 complaint regarding the Information Commissioner’s Office (ICO) Inability to Protect Data Subject Rights

How can ICO protect data subject rights without robust processes that validate with evidence data controller compliance to GDPR principles?  

ICO Case Reference: IC-44927-G3W4

from:Steven Kalavity <stevenkalavity@gmail.com>
to:abbiesandford@bdbf.co.uk,
ArpitaDutt@bdbf.co.uk,
barry.doherty@emlaw.co.uk,
berit.osnes@pgs.com,
ClareTaylor@bdbf.co.uk,
gareth.jones@pgs.com,
gottfred.langseth@pgs.com,
helen.monson@emlaw.co.uk,
imogen.finnegan@emlaw.co.uk,
ir@pgs.com,
joanna.mckenzie@emlaw.co.uk,
kristin.omreng@pgs.com,
lars.mysen@pgs.com,
nathan.oliver@pgs.com,
NAulak@wfw.com,
nickwilcox@bdbf.co.uk,
olaf@duensingkippen.com,
paulachan@bdbf.co.uk,
per.arild.reksnes@pgs.com,
PollyRodway@bdbf.co.uk,
rob.adams@pgs.com,
rune.olav.pedersen@pgs.com,
sarah.murphy@pgs.com,
sharon.playford@emlaw.co.uk,
terje.blojseth@pgs.com,
ActionFraud <contact@actionfraud.police.uk>,
Alan Zeffertt <alan.zeffertt@anthonygold.co.uk>,
Andrew Weir <andrew.weir@anthonygold.co.uk>,
Carl Richards <carlrichards1@googlemail.com>,
GDPR <gdpr@pgs.com>,
Holly Rushton <HollyHobson@bdbf.co.uk>,
ICO Case-Work <icocasework@ico.org.uk>,
Investor Relations – 01 Telenor <oystein.myrvold@telenor.com>,
Investor Relations – 02 Telenor <kristine.devold@telenor.com>,
Investor Relations Equinor <irpost@equinor.com>,
John Francas <john.francas@pgs.com>,
Landau Law <pl@landaulaw.co.uk>,
Law Society UK Complaints <complaints@lawsoc-ni.org>,
Minister of Transport Norway <postmottak@sd.dep.no>,
Norway – Police <kripos@politiet.no>,
PHSO-01 ICO <MP@ombudsman.org.uk>,
PHSO-02 ICO <publicaffairs@ombudsman.org.uk>,
Rhodri Thomas <info@emlaw.co.uk>,
Tippaya Moonmanee <tippaya@duensingkippen.com>,
USA Consulate – Norway <OsloACS@state.gov>
date:Mar 14, 2021, 9:13 PM
subject:PHSO – Complaint ICO IC-44927-G3W4 Follow-Up

Data Controller:  PGS Exploration (UK) Limited, 4 The Heights, Weybridge, Surrey, KT13 0NY

An American, the UK Data Protection Act, Petroleum Geo-Services (PGS) and the Tyranny of “Accurate Data” (3-Jul-2015)

Data Subject:  Steven D. Kalavity (SDK)

The Information Commissioner’s Office (ICO) is the UK’s data protection watchdog charged with enforcing a host of laws that regulate communications, networking and data protection, although the organisation is most renowned for its role in enforcing the EU’s General Data Protection Regulation (GDPR).

ICOs mission is to “uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals”.  The GDPR seven key principles:

  • Lawfulness, fairness and transparency.
  • Purpose limitation.
  • Data minimisation.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality (security)
  • Accountability

Compliance to GDPR Principles is the sole responsibility of the data controller.  When the data controller – data subject relationship is that of employer – employee, data subject complaints of non-compliance to ICO should be considered as protected public disclosure, or whistleblowing.  Under the UK Public Interest Disclosure Act 1998 (PIDA), workers (data subjects in an employer – employee relationship) are to be protected when the public disclosure consists of information where the worker reasonably believes that there has been a criminal offence, breach of a legal obligation, a miscarriage of justice, a danger to the health and safety of any individual, damage to the environment, or the deliberate attempt to conceal any such acts.  

Within the Royal United Services Institute paper, The Silent Threat:  The Impact of Fraud on UK National Security, the concept of a “whole of system” approach in combating the UKs fraud epidemic is discussed:

The wider social and economic impacts of fraud make a clear case for reframing the UK’s fraud problem as a national security priority, for adopting a more centrally led, ‘whole of system’ response and for considerably augmenting the resources within the policing and intelligence community specifically assigned to tackling fraud. Furthermore, to ensure a better understanding of both the fraud threat and the way in which fraud acts as an enabler and vector of other threats, the rebuilding and reframing of the fraud response should not be carried out in isolation, but should build in organisational and informational links to the SOC [Serious and Organised Crime] – and terrorism-specific responses.

Data is multi-dimensional and “lawful and fair use” must be determined on the basis of what domain the data is being used.  Subject data is often shared and processed by multiple organizations.  Data is evidence of compliance or non-compliance to GDPR Principles, fraud or other criminal activity.  Thus, “a whole system” response to curing the global (and UK in particular) fraud epidemic naturally assumes multiple organizations having the ability to identify and then communicate data anomalies, misuse or criminality with other pertinent government and/or private data controllers/organizations.  

ICO needs to be a pivotal player and at the center in this effort.  However, ICOs ineffective one-dimensional approach to data protection does not even protect individual data subject rights, much less detect data misuse or criminal activity amongst government and /or private data controllers with a wide breadth of consequences.  This dysfunction of not being equipped to “connect the dots” exacerbates the fraud crisis because criminals do know how to operate multi-dimensionally.  At the very least, corrupt actors are aware of the fraud epidemic to the extent that any fraud that they perpetrate has little chance of being detected and / or punished.  

In October 2014, data subject SDK submitted a subject access request (SAR) to data controller PGS Exploration (UK) Limited, 4 The Heights, Weybridge, England, KT13 0NY, Companies House Number 02904391.  SDK is a USA citizen who was sponsored for employment in England by PGS Exploration (UK) Limited.  SDK discovered that PGS Exploration (UK) Limited was processing inaccurate non-compliant data (employment records).  ICO did not help data subject SDK rectify the data issues.  In August 2015, SDK submitted his first complaint report to UK ActionFraud (police).  ActionFraud also took no action.  There can be no confirmation of compliance nor justice without ICO or the police demanding that data controllers answer data subject / victim claims thoroughly (with evidence).    

Data subject SDKs experience is that ICO is not fulfilling this mission adequately.  ICO does not compel data controllers to provide evidence to support claims of compliance within data subject access request (SAR) responses.  Even when the data subject provides substantive evidence that the data controllers are in violation of Data Protection Act 1998 (DPA) and/or GDPR principles, ICO takes no action to remedy subject rights abuses.  Data controller PGS Exploration (UK) Limited has been anything but transparent.  PGS Exploration (UK) Limited has never been required to demonstrate their compliance to Data Protection Act 1998 (DPA) or GDPR Principles in a legally verifiable manner.   

Data subject passport information is processed by data controllers as a legal requirement for employing a foreign worker and its lawful use requires the consent of the passport holder.  If the data subject SDK claims is  true that his personal data being processed by PGS Exploration (UK) Limited is fake, this means that PGS Exploration (UK) Limited sponsored visa(s) were cancelled under false pretenses or fraudulently.  Data controller multi-dimensional fair use of subject data must also comport to how foreign subject data is transferred and processed once the data controller – data subject relationship ends within the UK (ICO domain).  PGS Exploration (UK) Limited is misrepresenting multiple national immigration agencies.

PGS Exploration (UK) Limited has been allowed to deliver ridiculous and fraudulent responses to the subject access request (SAR) queries submitted by data subject SDK.  It’s a disgrace.  Further, PGS Exploration (UK) Limited simply does not have the legal right or authority to misuse personal subject data which they do not own nor control.  Specifically, the misuse of foreign worker and dependents passport data is unlawful in many countries, not just in the UK.  PGS Exploration (UK) Limited has used forged / fraudulent subject data to justify the cancellation of visas and remove the victim of crimes as an avenue to legal due process through illegally expelling their victim from the UK and its legal court system..

The GDPR First Principle requires that the data controller process all personal data lawfully, fairly and in a transparent manner. If no lawful basis applies to a data controller processing, subject data processing will be unlawful and in breach of the first principle. Data subjects also have the right to erase personal data which has been processed unlawfully.  Legal data is information related to the law such as court data and attorney data, etc. Organisations from a range of industries benefit from using legal data, such as  business development, legal analytics, case research, and due diligence procedures.

No explanation or clarification is demanded of data controllers by ICO who have very little real knowledge of the subject data accuracy or fairness.  ICO should rely on a data driven standard and fact-based methods to ensure compliance to DPA / GDPR Principles.   Only within the ICO caseworker “legal universe” are documents with no data subject countersignature regarded as “accurate” and “lawful.”  No explanation is required by the data controller, PGS Exploration (UK) Limited.  Such personal data does not meet any legal standard for a court of law.  Thus, by definition it violates GDPR Principles!  

Data subject time-stamped email evidence to relevant parties that prove data controller PGS Exploration (UK) Limited is processing unlawful and inaccurate data is ignored by ICO?  How does this protect data subject rights?  It is also ignored by ActionFraud.  PGS Exploration (UK) Limited refused to remove illegal and inaccurate subject data.  PGS Exploration (UK) Limited was once again allowed by ICO to “rectify” subject data through the inclusion of a complaint email pointing out multiple violations of DPA/GDPR Principles!  The process of rectification should involve the courts and not the unilateral decisions of caseworkers who are not legally qualified or fully informed.  

ICO website: What is the right to rectification?

Under Article 16 of the UK GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.

This right has close links to the accuracy principle of the UK GDPR (Article 5(1)(d)). However, although you may have already taken steps to ensure that the personal data was accurate when you obtained it, this right imposes a specific obligation to reconsider the accuracy upon request.

What do we need to do?

If you receive a request for rectification you should take reasonable steps to satisfy yourself that the data is accurate and to rectify the data if necessary. You should take into account the arguments and evidence provided by the data subject.

What steps are reasonable will depend, in particular, on the nature of the personal data and what it will be used for. The more important it is that the personal data is accurate, the greater the effort you should put into checking its accuracy and, if necessary, taking steps to rectify it. For example, you should make a greater effort to rectify inaccurate personal data if it is used to make significant decisions that will affect an individual or others, rather than trivial ones.

You may also take into account any steps you have already taken to verify the accuracy of the data prior to the challenge by the data subject.

When is data inaccurate?

The UK GDPR does not give a definition of the term accuracy. However, the Data Protection Act 2018 (DPA 2018) states that personal data is inaccurate if it is incorrect or misleading as to any matter of fact.

What should we do about data that records a mistake?

Determining whether personal data is inaccurate can be more complex if the data refers to a mistake that has subsequently been resolved. It may be possible to argue that the record of the mistake is, in itself, accurate and should be kept. In such circumstances the fact that a mistake was made and the correct information should also be included in the individuals data.

PGS Exploration (UK) Limited escaped third-party legal scrutiny through the ICO decision. ICO did not even ask why inaccurate and unlawful subject data was being processed in the first place?  Data subject SDK believes that ICO allowance of one-sided rectification by PGS Exploration (UK) Limited went outside ICOs legal authority.  ICO permitted PGS Exploration (UK) Limited to avoid the legal system which would have revealed data controller(s) fraud and other crimes.  ICO co-opted a fair path of resolution through allowing  PGS Exploration (UK) Limited ridiculous “rectification” solution which marginalizes the data subject.

ICO should not allow themselves to be intimidated by data controller threats in their defense of subject rights.  ICO should employ thorough interrogatories to be completed by data controller’s that fully address data subject rights.  Data controller’s should not be allowed to threaten data subjects who are lawfully entitled to demand DPA / GDPR compliance and otherwise receive respectful, detailed and legally grounded answers to data subject questions.

ICO has paid little deference to the fact that the data subject was a foreigner and what that meant within the scope of lawful processing of subject data.  There are many requirements that foreigners must meet in order to be legally employed and/or reside within the UK.  Passports belong to the nation that issues them to the data subject.  It is illegal for companies to  employ foreigners who do not meet stringent requirements.  Data controllers must be held accountable for processing subject data such that it meets all of these legal requirements.  

PGS Exploration (UK) Limited provided a nonsensical list of only Human Resources (HR) agents who had processed SDK personal data.  None of the listed HR personnel noted legal issues with processing inaccurate records with no data subject signature?  Apparently, no first line supervisor, lawyer, or anyone involved in forming the termination settlement contract that ended SDKs employment had ever reviewed SDK personnel file contents either.  One of the individuals listed was Gareth Jones.  Gareth Jones is currently the Human Resources Manager for PGS UK.  

In 2014, when SDK submitted his first subject access request (SAR) to PGS Exploration (UK) Limited, Jones resided in Houston, Texas and according to his LinkedIn profile, worked for PGS’ USA subsidiary..  SDK had never worked with nor saw Jones while employed by PGS Exploration (UK) Limited from 2010-2013.  PGS Exploration (UK) Limited stated that HR supervisor Jones processed SDK personal data.  According to the UK Data Protection Act 1998 Eighth Principle (applied in 2014) Subject data must be,

Not transferred to other countries outside the European Enterprise Area (EEA) without adequate protection.

SDK believed that PGS Exploration (UK) Limited violated DPA.  However, PGS Exploration (UK) Limited stated that Jones was an agent/employee of PGS Exploration (UK) Limited and therefore DPA was not violated(!).

ICO demanded no evidence from PGS Exploration (UK) Limited proving that there was no DPA violation and accepted PGS Exploration (UK) Limited explanation.  This practice by ICO demonstrates a one dimensional and myopic view of data that does not protect data subject rights.  This misguided decision had profound consequences.  For one thing, it begs the question was Jones then legally in the USA?  Jones would not be permitted to work in the USA legally without US business sponsorship and employment in the USA, in the same way SDK was allowed to legally work in England.

Data subject rights are not protected when ICO will not confirm data controller compliance.  Afterall, ICO is supposed to be the data protection watchdog.  When ICO does not confirm compliance to DPA / GDPR Principles, data controllers can too easily provide multiple self-serving misrepresentations to escape any accountability.  Without a simple confirmation of the data processor agency, ICO allows violations of DPA / GDPR Principles. However, the practice also facilitates the defrauding of national immigration agencies who actually own and control the subject data being allowed to be processed in a specific limited way by employers.  Foreign passports and visas are subject data under the control of governments and it is often a crime to misuse or misrepresent such subject data.   

Corrupt data controllers who lie pathologically to intentionally destroy the livelihood and reputation of a foreign worker whistleblower should never be tolerated.  However, ICO (and ActionFraud) practices are so dysfunctional that data subject rights are not protected.  Such practices are very destructive to the data subject, of course.  However, In a broader sense, these practices are harmful to many other global stakeholders.  PGS Exploration (UK) Limited has also violated the human rights of a data subject and his dependents to whom they owed a duty of care.  In the process, PGS Exploration (UK) Limited has lied to multiple governments, investors and competitors.  This has disgraced and made the upstream oil and gas industry less safe and reputable.

As stated within the previous complaint, PGS Exploration (UK) Limited is a UK subsidiary of Norwegian based multinational corporation PGS ASA.  In 2013, three (3) data controllers processed PGS Exploration (UK) Limited SDK personal data to form the termination settlement contract which ended SDKs employment.  Data received by SDK through the 2014 SAR showed that in-house lawyers Carl Richards (Head of PGS UK Legal) and associate Ben Kelly reviewed the termination settlement contract before it was signed.  In-house lawyer Candida Pinto was secretary when most personnel file documents were dated.

SDK hired London based employment law firm Landau Zeffertt and Weir and interacted with principal solicitor Philip Landau and associate Holly Rushton (now Holly Hobson).  Global legal firm Watson Farley and Williams represents PGS Exploration (UK) Limited on a number of matters.  Watson Farley and Williams solicitor Rhodri Thomas was engaged to form and negotiate the final terms and conditions of the termination settlement contract.  All of these named lawyers and experienced HR personnel processed illegal personnel file documents, none of which were accurate or countersigned by data subject SDK.

Since 3 July 2015, SDK has published protected content on the internet exposing not only the inaccurate and illegal personnel file documents.  Since 2016, SDK has published that he was the target of a confidence fraud perpetrated by PGS Exploration (UK) Limited, Watson Farley and Williams and Landau Zeffertt and Weir.  Even though PGS Exploration (UK) Limited threatened legal action with their 22 December 2014 response to the 2014 SAR just because SDK noted the non-compliant / illegal documents that were processed, no action has ever been taken through the English legal system which governed the employment and termination settlement contracts.

PGS Exploration (UK) Limited, Watson Farley and Williams and Landau Zeffertt and Weir (now Landau Law) have never commented directly or specifically about SDK online publications that name and publicly accuse individuals of crimes.  None have invoked a breach in the contract Confidentiality clauses which prohibit publication of disparaging content.  None have processed publications as whistleblowing either.  PGS Exploration (UK) Limited, Watson Farley and Williams and Landau Law compliance have been allowed to provide ridiculous responses to salient concerns about the termination settlement contract process supported by uttered forged defamatory records.  ICO has also never demanded an explanation as to how documents not signed by the data standard are compliant to DPA / GDPR Principles?  This is not protecting subject data rights!

What PGS Exploration (UK) Limited has confirmed is that Jones processed the non-compliant / fraudulent and defamatory SDK personnel file documents while he was in the USA.  SDK believes that the main reason for Jones being provided these non-compliant and defamatory documents was to be allowed to share this data with SDK potential employers who would not want to be liable for negligent hiring.  For instance, if the false records indicate that the employee had falsely accused his employer of illegal harassment and discrimination based on nationality, this would discourage potential employers from offering the candidate a job.  

Blacklisting is illegal in the US state of Texas where Jones resided and was also SDKs US residence whilst employed with PGS Exploration (UK) Limited.  Processing fake employee data is a back door means of blacklisting a whistleblower whose claims were verifiable.  SDK contends that Watson Farley and Williams and Landau Zeffertt and Weir / Landau Law were bribed by PGS Exploration (UK) Limited to process defamatory forged documents as SDKs personal data!  Any experienced employment lawyer or HR professional, such as Jones, knows that personnel file documents not signed by the data subject are not worth a cup of cold urine in a court of law.   

Jones has been an active co-conspirator in UK domestic and US international wire and mail fraud through his processing of knowingly non-compliant and unlawful personnel file records whether as an agent of the US PGS ASA subsidiary or the UK PGS ASA subsidiary.  As current PGS ASA UK subsidiary manager, Jones continues to process this fake SDK data.  However, if Jones’ employer was actually the US PGS ASA subsidiary in 2013-2014, then PGS Exploration (UK) Limited at the very least violated the DPA Eighth Principle and of course lied to both ICO and SDK.  But, ICO has never thought this an important matter to confirm in their defense of SDK subject data rights!

Of course, SDKs counsel Landau and Hobson should have confirmed such facts long ago.  Instead, Landau and Hobson have remained fraudulently silent and refused to provide any answers or clarification to questions asked by former client SDK within multiple online publications.  Landau and Hobson have never addressed the issue of the civil and criminal litigation sponsored by PGS Exploration (UK) Limited.  Landau and Hobson formed the final terms and conditions of the termination settlement contract that ended SDKs employment with PGS Exploration (UK) Limited and was supported by knowingly inaccurate and non-compliant personnel file records which contradict the numerous email communications throughout the negotiation period.

SDK submitted an SAR to Watson Farley and Williams in 2016.  This global law firm did not acknowledge processing SDK personnel file contents.  This is an acknowledgement that Watson Farley and Williams also recognizes that the PGS Exploration (UK) Limited SDK personnel file documents are not legally viable in a court of law and points to the illegitimacy of the termination settlement contract.  Watson Farley and Williams Director of Compliance, Neeta Aulak, does process the termination settlement contract as SDKs personal data.  Aulak also stated that data provided to Watson Farley and Williams for processing the Tier 2 visa application, the legal basis for SDKs employment, was not considered for the termination settlement contract.  Aulak has never commented nor disputed SDKs published claim that she is a lying criminal whore.  

PGS Exploration (UK) Limited, Watson Farley and Williams and Landau Zeffertt and Weir / Landau Law all do not acknowledge processing the grievance document which prompted PGS Exploration (UK) Limited to proffer a settlement contract and not proceed through the legal and contractually guaranteed grievance process.  The termination settlement contract references SDKs submitted grievance, yet none of the inaccurate and unsigned (by the data subject) personnel file documents do.  Even though it is a contractual breach to not proceed through the fair grievance process, PGS Exploration (UK) Limited, Watson Farley and Williams and Landau Zeffertt and Weir / Landau Law bypassed the legal grievance process for a termination settlement contract.  SDKs submitted grievance was whistleblowing.  PGS Exploration (UK) Limited retaliated by bribing lawyers to process forged documents and illegally terminate a whistleblower.

PGS Exploration (UK) Limited, Watson Farley and Williams and Landau Zeffertt and Weir / Landau Law continue to pervert the course of justice through their fraudulent silence.  PGS Exploration (UK) Limited and (former PGS Exploration (UK) Limited secretary) Carl Richards claims against SDK forwarded in Thailand by law firm Duensing – Kippen have prompted no response from Watson Farley and Williams and Landau Zeffertt and Weir / Landau Law.  PGS Exploration (UK) Limited, Watson Farley and Williams and Landau Zeffertt and Weir / Landau Law are trying to escape any relation or accountability for the fraudulent termination settlement contract supported by defamatory forged documents which was proffered to illegally terminate a foreign worker whistleblower.

Corruption is dishonest or fraudulent conduct by those in power that typically involves bribery,  All of the evil and hardship endured by SDK and his family should have been averted had ICO actually confirmed PGS Exploration (UK) Limited compliance to DPA Principles in 2014!  PGS Exploration (UK) Limited, an English company governed by the laws of England, accused SDK of criminal defamation in Thailand under Thai law.  PGS Exploration (UK) Limited has misrepresented legal public disclosure – whistleblowing – as defamation under the laws of Thailand.  

ICO and ActionFraud refuse to ask even the most simple questions to establish GDPR compliance that  protects subject data rights.  And this is why the UKs inept handling of fraudsters fuels corruption and makes the UK less safe and secure.  SDK is simply pleading that ICO pursue their mission to protect data subjects rights.  Ignoring these pleas ensures continued publications exposing PGS Exploration (UK) Limited, Watson Farley and Williams and Landau Zeffertt and Weir / Landau Law crimes.  These publications will also disparage ICO and ActionFraud agents and caseworkers.  The abuse of power includes not using possessed power and resources to fulfil the mission to protect data subject rights.  ICO please demand answers from PGS Exploration (UK) Limited and meet your mission objectives.

Regards,

SDK

Publications Since 2015

###