Thursday, 18 December 2014

The helpful - but chilling - effect of Google’s “right to be forgotten” listings warning

Does anyone fancy being advised by a “career management” specialist? Or might this be a scam?

At the beginning of the week I received an email from an organisation I had never heard of. Somehow, my CV had ended up in their hands. I had recently sent it to a couple of recruitment agencies, and one of them had evidently passed it to a “partner company.” It read:

Dear Martin

Having reviewed your CV, our Senior Consultant has asked me to contact you as he would like to meet up to talk through your current situation and career objective. We specialise in helping mid to senior level individuals across all sectors secure their next role.

He would be keen to meet in our London office this week if possible.

Please phone me on 0113 205 2860 or e-mail me to arrange a mutually convenient time to meet.

I look forward to hearing from you.

Best Regards
Alex Smith

Sounds good?

I thought so – and accordingly I spent an hour yesterday with a gentleman in London’s Cavendish Square who gave me a business card containing the details of Geoff Russell, Director, Apollo, Tel: 0113 252 2282.

We spent a pleasant hour together. I chatted about my career history, while Geoff explained that it would be useful for us to meet for a 2-hour session in the New Year to more carefully review my career options. Both sessions would be free of charge. But next time, he would explain how what Apollo’s deliverables would be, and how much it would cost if I were to join their programme.

During the conversation, Geoff explained that his company was in the “career management” business - a concept pioneered in the US by Bernard Haldane.

In a nutshell, the proposition is that Apollo would help by providing advice and enabling me to meet relevant corporate decision makers (rather than the usual HR folk) in order that I can secure the job that is right for me – for a fee.

(I don’t think that Geoff read the bit of my CV which stated that I am already a Non-Executive Director of a recruitment firm, and am therefore pretty well placed to meet relevant corporate decision makers. However, we’ll let that minor detail pass, for the moment.)

Geoff presents himself as an extremely credible executive, who has worked for a variety of organisations over the years. He reassured me that there are jobs that might well suit my interests, whatever they are. That came as a relief – particularly as I hadn’t told him what my interests were, yet.

Returning home, alarm bells began to ring. Just how did Apollo get hold of my CV? Why was there no Apollo nameplate on the front door at the Cavendish Square office? Ok, it was a shared office building. That might be the reason. But why was there no Apollo sign in the 4th floor reception area, where Geoff apparently worked three days each week? In fact, why was there no “Apollo” branding anywhere?

So, I started to do a little more research into Apollo and Geoff.

Apollo has an impressive website. Virtually every week, yet another note of appreciation from a satisfied client is posted. This is a very successful track record. But why didn’t Geoff appear to have a presence on LinkedIn? And why was he not willing to explain, during this initial meeting, precisely what Apollo’s fees might be?

Why didn’t Apollo appear to have registered its activities with the ICO? I couldn’t find the relevant entry on the ICO’s register of data controllers. Perhaps I didn't look hard enough.

Also, why were there so many worrying comments on the “whocallsme” chat forum in relation to Apollo’s phone number(s)? The comments in relation to 0113 252 3070, a number registered to a sister (or perhaps the same) company, also refer to Geoff Russell as a senior consultant, and indicate that complaints have been made to the ICO regarding potential breaches of the PECR regulations (sending unsolicited emails).

Finally, why did my searches for “Bernard Haldane” result in this unsettling article? Geoff’s sales pitch (together with the invitation to undertake a psychological test before our next meeting) was remarkably similar to Bernard’s career management approach.

The clincher was the chilling effect of the notice that Google had placed under all its search listings: “Some results may have been removed under data protection law in Europe.”

So, what else might I not know about Apollo?

I couldn’t find anything on Google’s .com site that was not already on the .uk site. But I was sufficiently spooked to check, just to be on the safe side.

The trouble is that, after all this research, I simply don’t have a sufficient level of assurance about Apollo’s business practices.  Despite the concerns I’ve unearthed, they might indeed be a perfectly sound organisation.

Fortunately, every cloud has a silver lining. The afternoon was not wasted. Apollo’s offices in central London are right next door to the John Lewis department store. So even though I don’t plan to meet Geoff again, at least I was able to do some Xmas shopping.



Wednesday, 17 December 2014

Announcing the 2014 CECIDP privacy award winners

The 2014 CECIDP privacy awards dinner, held last night, culminated in a ceremony where the winners of this year's trophies were formally announced. 

Despite a local power cut that plunged the diners into darkness just before the arrival of our host, the sensational Samantha, from Radio 4’s legendary quiz programme “I’m Sorry, I haven’t a Clue”, great roars of approval greeted the names of the winners:

DP Team of the Year
  • The entire DAPIX Data Protection Regulation / Directive negotiating team, for attending so many insufferably boring negotiating meetings as they inch their way to the finishing line. 

DP Disaster of the Year
  •  The scramble by Governments in a number of countries to assure citizens that national security considerations have not trumped fundamental data protection rights.

DP Hero of the Year
  • The ICO’s David Smith, for going on (and on, and on) ensuring that the organisation maintains a wealth of pragmatic data protection experience at the very top of the UK’s data protection tree.

The Chairman’s Award

DP Lifetime Achievement Award (announced without notice to the plucky winner)

  • Dr Chris Pounder, of Amberhawk fame, for steadfastly reminding anyone who will listen what the law actually says, as well as commenting on how the regulators tend to interpret it. 



Friday, 12 December 2014

CECIDP’s 2014 privacy awards

The nominations for this year’s privacy awards are in, and there is intense speculation as to who will walk off with the coveted trophies at next week’s celebratory bash. Unfortunately, no more tickets for this most sought-after event, organised the Crouch End Chapter of the Institute for Data Protection, are available, but I do hope to report on the outcome of the festivities in due course.

Hosting the ceremony will be the sensational Samantha, from Radio 4’s legendary quiz programme “I’m Sorry, I haven’t a Clue.”

In no particular order, the nominees are as follows:

DP Team of the Year
  • The entire DAPIX Data Protection Regulation / Directive negotiating team, for attending so many insufferably boring negotiating meetings as they inch their way to the finishing line. (During the past 3 years, delegates from every EU Member State - and the European Commission, together with several hangers-on - have met over 120 times, with many sessions lasting 2, or even 3, days.)
  • The IAPP’s event organising team, for devising conferences that have gathered more data protection specialists at a single event in Europe than anyone else has yet managed. 
  • The ICO’s enforcement team, for trying ever harder to find ways of chastising the deliberately devious and the wretched rogues that lurk in the dank cesspit of privacy noncompliance.

DP Disaster of the Year
  •  The scramble by Governments in a number of countries to assure citizens that national security considerations have not trumped fundamental data protection rights.
  • The theft from an unlocked car of (the then) European Commisioner Viviane Reding's luggage, jewellery and cottage pie while she was attending a prestigious data protection event in central London. (Thank goodness the thieves ignored the bag that contained her confidential briefing papers.)  
  • The sad sad sorry saga of the process that finally led to the appointment of the new European Data Protection Supervisor. (If you don’t succeed the first time round, you can always try again.)

DP Hero of the Year
  • The Government of Ireland, for accepting that the Irish Data Protection Commissioner needs (and is going to get) much more resources to deal with the challenges faced by a small organisation that has to regulate some of the largest data controllers on the planet.
  • The ICO’s David Smith, for going on (and on, and on) ensuring that the organisation maintains a wealth of pragmatic data protection experience at the very top of the UK’s data protection tree.
  •  Blighty’s mighty army of data protection professionals, collectively nominated for their stoicism and fortitude in adversity, and for continuing to explain to anyone who will listen just what this data protection stuff is all about, and just why it matters that fair minded folk should follow the basic rules.

The Chairman’s Award

To round off the evening, and to great acclaim, the CECIDP’s Chairman will present a special trophy to the Data Protector for his magnificent achievement in achieving 8th place in the Digital Guardian’s 2014 list of “51 Useful Data ProtectionResources: Blogs, Videos, Guides, Infographics, Tools & More.”  (For those not in the know, Digital Guardian is a comprehensive data protection platform with millions of deployments worldwide, securing the sensitive data of the world’s most inventive, influential companies.)



Thursday, 11 December 2014

Dame Voldemort returns

“She’s back” was the whispered rumour circulating the Xmas dining table yesterday afternoon.

“Dame Voldemort’s back” was the other cry from yet another weary data protection officer, who had sought refuge in the company of like minded souls by attending a gathering in Central London, co-incidentally not that far from the real entrance to Diagon Alley. (Harry Potter aficionados will appreciate that Diagon Alley can be accessed by leaping through a portal in London’s Leadenhall Market).

No longer a Vice President of the European Commission, but still stalking the corridors of power in Brussels. Reincarnated as a humble MEP, the EuroQueen of Data Protection is back on the warpath, whipping up support for her precious Data Protection Diregulation.

She’s ensuring that progress continues to be made on the text, so that everyone can proclaim towards the end of next year “Ladies and Gentlemen, we have done it.”  This is the same phrase she used in January 2012, when presiding over the press conference that unveiled the text of the original draft Regulation.

Just as former US President Bush is unlikely to escape the “Mission Accomplished” tag, the “Ladies and Gentlemen, we have done it” catchphrase will follow her wherever she goes.

Why is she back? And again available for conferences, interviews and private data protection functions.

Why ever would she want to go away, really?

The opportunity of being forever associated with a once-in-a-generation opportunity to reset data protection rules is too great to pass.

And, to be frank, Europe needs her.

She may have vacated her seat on the European Commission, but she’s still the strongest woman in Europe. Its taking three European Commissioners to assume the mantle of pushing data protection reform through to the bitter end, and hardly anyone has heard of her successors. Not even I could reel off all their names without checking the European Commission’s website. And I certainly wouldn’t be able to recogise any of them should they be in front of me in the queue for pies at Borough Market.

These mystery Commissioners had really better get their publicity act together, and quickly, if anyone is to take any note of them. Self-promotion does not appear to be a quality any of them have.

No, we need the theatrics of the bouffant hair, the glittering jewelry, the huddle of courtiers, the fleet of cars, and the buzz of excitement as the great woman herself appears to glide to the podium, to read words so carefully crafted by hands unseen. We miss that steely glint in her eye, that flash of a smile, that regal diction. Oh, the majesty of the show. What a performance. She knows how to impress, and what a void she (momentarily) left.

She can create a buzz. A sense of urgency. A deadline that can’t be missed.

So, expect more interventions from the great woman herself. She may leave the current crop of Commissioners in her shadow, but that’s not necessarily a problem. She’s seeking a higher reward. She’s going to do her utmost to ram fundamental data protection rights down our throats, whether we like it or not. She’ll have no time for the wavering Member States, and will focus her fury on the recalcitrant countries represented on the DAPIX working group that are bent on watering down her precious Diregulation even further.

Thanks to the force of her personality, the odds are increasing that something will be done by the end of 2015. It may not work, immediately or at all, but that’s not the point. Its her job to get stuff done, to banish non-believers to non-EU oblivion, to turn Fortress Europe into the state with the strictest data protection soundbites rules in the world, and then not to sit back and relax, but to focus her oh so formidable energies on changing something else.

She’s back.

“Hallelujah” cried a few.

Yesterday, a few others just cried into their pumpkin soup.


Thursday, 4 December 2014

The mysterious case of the missing questions in the MoJ’s Triennial Review of the ICO

Last night’s meeting of the Crouch End Chapter of the Institute for Data Protection ended with members in a state of confusion. Not intoxication, just confusion.


In October, the ICO’s Management Board were told that the ICO would be raising three specific issues with the MoJ during the review. If you don’t know what review I’m referring to, please take a look at my recent blog.

For some reason, however, the MoJ decided that only one of these issues should be specifically raised during the public consultation process.

Try as we might, no-one could offer any reason why the MOJ had decided to drop the questions on the other issues. One rational explanation was that the MoJ might not have wanted to realise that the opinions of the respondents differed from those of the MoJ officials – but surely that can’t be the real reason for the omission.

The three issues that the ICO were keen to discuss were:

     ·      Whether or not the Commissioner should become an officer of Parliament;
     ·      Whether or not there should be a commission rather than a commissioner, as suggested in the Leveson Report; and
     ·      The continued combining of the roles of data protection and freedom of information regulator.

The last two issues don’t feature as prompted questions in the public consultation exercise.

Anyway, members at last night’s meeting passed a resolution warmly inviting respondents with strong views on the last two points to make their views known to the MoJ.

Whether anyone takes any notice of said views, who knows – but at least they will have been recorded for posterity.


Image credit: