25 signatures reached
To: Dame Caroline Dinenage MP (Chair); Kevin Brennan MP; Steve Brine MP; Clive Efford MP; Julie Elliott MP; Damian Green MP; Rupa Huq MP; Simon Jupp MP; John Nicolson MP; Jane Stevenson MP; Giles Watling MP
ICO Scandal: Strip Nicola Wood and Paul Arnold of their MBEs
Ms Nicola Wood (MBE) and Mr Paul Arnold (MBE) are senior stakeholders at The ICO (Information Commissioner’s Office) - whose mission is to "uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals".
I want them to lead the ICO in enforcing the relevant data protection laws and impose these on the Bank of America for catastrophic control failures over an extended period of time - allowing for insider crime and fraud to flourish and grow inside the bank.
They have both been negligent in providing the leadership and behaviours required due to catastrophic failures to enforce data protection – which allowed Rajesh Ghedia, a Bank of America employee, to run an illegal, unregulated financial services business for close to 2 years, stealing money off innocent members of the public The Bank of America (BofA) allowed Ghedia free reign to go undetected and unhindered.
There have been several media clips on this, including a documentary:
EdTech startup crippled by Bank of America insider fraud scam from inside their London office Channel 7 Australia News
During his crime spree, he was able to convince victims into investing in Bank of America “backed and supported” investment funds – business meetings inside BofA HQ in London, hundreds of emails in and out of BofA systems using BofA email addresses, the list goes on.
The ICO enforces the (General Data Protection Regulation) GDPR and (Data Protection Act) DPA 2018 laws that regulate data protection. The ICO is tasked with making sure that businesses within the UK are compliant with strict data protection principles.
Under the enforcement it can make very stiff penalties (up to 4% of global revenue) and order corporations to follow the strict data protection rules. However, it has become obvious to myself, and others, that the ICO falls far short of its remit for data protection.
Mr Ghedia was jailed for 6 years and 9 months in June 2022, following his arrest in August 2020, and his dismissal from BofA in June 2020, which followed after one of the victims, Mr Wayne Johncock, alerting them to Ghedia’s crimes in early May 2020.
BofA seemed to have no idea what he was doing, strange seeing BofA have one of the most secure, sophisticated and well invested technology systems in the world, and have repeatedly win awards for excellence in this field, in time periods that overlap with the crime spree of their employee.
Given that it is the ICO’s role to ensure compliance with the data protection regulations -it is unlikely an opportunity will be delivered on a silver plate to them again where it is a simple application of the relevant articles in GDPR to prosecute a large organisation for their control failures – Article 83 states that a fine of up to 4% of the global revenue of $100 billion does is applicable.
The reason stated by the ICO for not taking action is that because criminal activity is involved it is a police matter (despite the criminal activity being a result of control failures in data protection). The City if London Police (CofLP) state as it involves data breaches it is for the ICO to deal with. They don’t bother to pick up the phone and talk to each other to discuss a way forward, they put it in the too hard basket for another day, week, month, year or another person.
When the CofLP were asked if during the investigation did they query why BofA had let the criminal go on for 2 years without being stopped, they said No they didn’t think to ask – strange. When many senior executives at BofA are asked the same question they either ignore it or hang up the phone.
Wonderful leadership and honesty and integrity!!
I want them to lead the ICO in enforcing the relevant data protection laws and impose these on the Bank of America for catastrophic control failures over an extended period of time - allowing for insider crime and fraud to flourish and grow inside the bank.
They have both been negligent in providing the leadership and behaviours required due to catastrophic failures to enforce data protection – which allowed Rajesh Ghedia, a Bank of America employee, to run an illegal, unregulated financial services business for close to 2 years, stealing money off innocent members of the public The Bank of America (BofA) allowed Ghedia free reign to go undetected and unhindered.
There have been several media clips on this, including a documentary:
EdTech startup crippled by Bank of America insider fraud scam from inside their London office Channel 7 Australia News
During his crime spree, he was able to convince victims into investing in Bank of America “backed and supported” investment funds – business meetings inside BofA HQ in London, hundreds of emails in and out of BofA systems using BofA email addresses, the list goes on.
The ICO enforces the (General Data Protection Regulation) GDPR and (Data Protection Act) DPA 2018 laws that regulate data protection. The ICO is tasked with making sure that businesses within the UK are compliant with strict data protection principles.
Under the enforcement it can make very stiff penalties (up to 4% of global revenue) and order corporations to follow the strict data protection rules. However, it has become obvious to myself, and others, that the ICO falls far short of its remit for data protection.
Mr Ghedia was jailed for 6 years and 9 months in June 2022, following his arrest in August 2020, and his dismissal from BofA in June 2020, which followed after one of the victims, Mr Wayne Johncock, alerting them to Ghedia’s crimes in early May 2020.
BofA seemed to have no idea what he was doing, strange seeing BofA have one of the most secure, sophisticated and well invested technology systems in the world, and have repeatedly win awards for excellence in this field, in time periods that overlap with the crime spree of their employee.
Given that it is the ICO’s role to ensure compliance with the data protection regulations -it is unlikely an opportunity will be delivered on a silver plate to them again where it is a simple application of the relevant articles in GDPR to prosecute a large organisation for their control failures – Article 83 states that a fine of up to 4% of the global revenue of $100 billion does is applicable.
The reason stated by the ICO for not taking action is that because criminal activity is involved it is a police matter (despite the criminal activity being a result of control failures in data protection). The City if London Police (CofLP) state as it involves data breaches it is for the ICO to deal with. They don’t bother to pick up the phone and talk to each other to discuss a way forward, they put it in the too hard basket for another day, week, month, year or another person.
When the CofLP were asked if during the investigation did they query why BofA had let the criminal go on for 2 years without being stopped, they said No they didn’t think to ask – strange. When many senior executives at BofA are asked the same question they either ignore it or hang up the phone.
Wonderful leadership and honesty and integrity!!
Why is this important?
This is a foundation of human rights, the protection of personal data and the use of it. There are cases where personal data breaches have given rise to criminal activity including fraud, severely impacting the individuals' life, career, wellbeing, financial health, in some cases incurring bankruptcy, loss of family home and in the very worst cases, suicide. The ICO can take action against those who allow the crimes to take place, who support the perpetrators, including large organisations.
