Royal Dutch Shell plc .com Rotating Header Image

Which Shell official lied about employee Data breach implications?

SELF-EXPLANATORY EMAIL SENT TO MR RICHARD WISEMAN, CHIEF ETHICS & COMPLIANCE OFFICER, ROYAL DUTCH SHELL PLC

From: John Donovan <[email protected]>
Date: 12 February 2010 00:58:57 GMT
To: [email protected]
Cc: [email protected], [email protected]
Subject: Shell Global Address Book

Dear Mr Wiseman

I agreed to your request not to make the Shell Global Address Book accessible online because you stated in an email that the personal safety of some Shell employees could be compromised by its publication. This was not an off-the-cuff comment, but one made after you had the opportunity to consider and consult with colleagues more familiar with the nature and contents of the leaked directory.

This is the entire message…

Dear Mr Donovan

I have now had a chance to consider this and consult with colleagues more familiar with the nature and contents of the “leaked” directory than I am.  I am afraid I must ask you not to publish the data.  The reasons for this request are as follows:

1  Although the data are predominantly business related, some of the information is personal – some telephone numbers for example.
Some of the information is sensitive from the security point of view and in some cases personal safety could be compromised by its publication.
3  Although this is a “Shell” directory, it contains information about considerable numbers of people who are not employed by Shell but who are employed by third parties.

In the circumstances therefore, I’d be grateful for your assurance that you will not be publishing the directory.

Regards

All perfectly clear, but totally incompatible with the information subsequently given to the news media when Shell thought it had the situation contained.

Your press office has stated in response to questions from a daily newspaper:

“the leak is no more dangerous than handing out business cards”.

So who has been speaking with a forked tongue – you or Shell’s press office?

Have I been conned by the Chief Ethics & Compliance Officer of Shell? You were well aware that your statement about the risk to the personal safety of employees was a major factor in my decisions.

I have already confirmed destruction of the database that was in my possession. I advised you that other parties have copies of the database. I will, if necessary, bring this matter to their attention. I will not be responsible for any action they may take.

The source of the copy we received also still has a copy. Unless you confirm that your statement about the safety of Shell employees was true and the version given by Shell’s press office to the media was false, I will advise the source to make the database accessible online.  The source would have no problem whatsoever regarding UK law with the database being physically located in another Country. Ultimately the decision and responsibility would be down to the party still holding a copy of the database, but I can tell you that they have an even lower regard for Shell than we do, if that is possible.

I have warned for over a decade that Shell is a thoroughly dishonest company. I was proven right by the reserves fraud. Now we have another classic example of a company completely without scruples or integrity.

If your media office was telling the truth about there being no security risk, then the prospect of the information being available on the Internet will be of no concern. In fact, according to the line being conveyed by your media office, it will promote business.

If however, you were telling the truth (as I am sure is the case), then your media office is guilty of outrageous deceit. In which event I will be content with the action I have already taken to safeguard the security of the 177,000 employees of Shell and other companies listed within the database. Something Shell has not done.

Regards
John Donovan

1 Comment on “Which Shell official lied about employee Data breach implications?”

  1. #1 janice33rpm
    on Feb 12th, 2010 at 17:53

    I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary

%d bloggers like this: