privacy – I almost walked away from a high-value consulting gig over passport scan requirement – am I being paranoid?

I will try to provide some context first, so please bear with me for a moment – I apologize if it’s lengthy.

A few months ago, I was approached by a UK-based recruitment agency to do an IT consulting engagement for their client (based in another EU country). After several rounds of interviews with both the agency and the end client, I was offered to do the job which would have earned me ca. 20k EUR over two months. Everything was organized over the phone, email, Skype and the like, but I had no doubts that both companies were legit and the job was real. It all looked green and I was about to start the job in a few days when things got interesting…

I got a call from the agency guy and he says that since they use a “payment provider” and all payments will go through them, someone from that (yet another) UK company will contact me to set everything up. I don’t like the sound of it, since from my experience the number of “go-betweens” of any kind directly increases the chances you will not get paid (or at least not on time), but I am not protesting yet – even though some warning lights start to go off and I start inquiring about getting any paperwork related to the engagement (contract, PO, anything really that would outline the terms for me and provide me with any legal cover since so far this is all “gentleman’s agreement”).

And now we get to the crucial part: the “payment provider”, which turns out to be one of those “umbrella companies”, sends me an email with a link to a form that’s supposed to start my “onboarding” process. I open the form (do I even have to mention that the website is operated by YET ANOTHER company which seems to be wholly owned by the “payment provider”?) and give it look – it starts with standard personal information like name, address, DOB etc. before asking you to upload you passport scan as proof of identity and a scan of another document (like drivers license) as a proof of address. This is the point where I stopped and you should have seen the look on my face – I was like “WHAAAAAT?!!”. Imagine my surprise – in 20 years of doing business internationally, this is the first time I was asked to procure my passport when dealing with anything other than banks or authorities! Quick check on their Privacy Policy and – no surprise here – it’s almost nonexistent: vague and far-reaching.

I will spare you the details of the back-and-forth that followed but I outright refused to voluntarily upload my passport scan to an Internet-accessible database. I might be overly paranoid on privacy but I have been a victim of identity fraud in the past and I am not taking any chances.

Here are a few examples of why I refused (and that’s just from last year and only in UK):

After doing some research, I now understand that they are legally required to gather this information under the provisions of the UK money laundering laws:
Moreover, they are also required to keep all those records for 5 years, in some cases even longer, which means the person I was emailing with was either uninformed or lied to me when he wrote “You have right to request to remove those documents once contract is ended and we can proceed accordingly“.

Okay, so let me be clear here: if the UK government is stupid enough to create a legislation which essentially forces UK businesses to gather and store highly sensitive personal information of their customers, employees etc. while leaving those businesses to fend for themselves in terms of storing and securing that data (making leaks all but certain and priming a sizable portion of UK population for identity fraud), and the British people are either stupid or indifferent enough to put up with it, so be it – it’s your country, so run it any way you want. But as a security-conscious individual, I refuse to do business under those regulations and I was fully prepared to walk away from the job over this – as unprofessional as it would have been at last minute. Thankfully, we found a solution that was acceptable to both parties (allowing me to prove my identity without having to turn my passport into a hacker-bait on the Internet) and went ahead with it – and I don’t really care if it was in line with UK regulations or not – they are not my problem.

As for my “question”, the purpose of this post is to provoke some discussion on the topic, so: is it just me being paranoid or do others also see a big problem here? What would you do in my shoes – would you upload your passport or would you take a pass? And if you loose money over this, would you still refuse or would you bend?

Thanks for reading and looking forward to your comments!

visas – How many days it takes to recieve a passport by an express courier return?

I have applied for the UK visa in Paris and I am wondering whether I should choose the express courier return service or not. I have already been troubled a lot by Covid-19 and I want to recieve the passport as soon as possible after the decesion has been made. However, I am afraid the TLSContact courier service will take too long or perhaps it may not be something to trust very well. For those who know, how many days it usually takes for such a service to deliver a passport?

uk citizens – My BNO passport lists my other passports under “observations.” Must I bring those other passports whenever I use the BNO one?

HM Passport Office has issued me a British National (Overseas) passport. I also have a Hong Kong passport, but I do not have actual British citizenship, any UK Visa, nor right to abode in the UK.

As others have mentioned, my BNO passport lists my other passports under the “official observations” section, but I’d prefer to be able to travel without disclosing this information all the time.

Must I carry all those other passports on me if I travel on the BNO passport? After an immigration officer sees the BNO passport and its official observations, will the officer want to see all my other passports listed there?

What if I use BNO when I travel to a country other than the U.K.? For example, if I were to travel to Japan on my BNO passport, would a Japanese immigration officer expect to be able to see the passports listed in this official observations section?

air travel – Indian Passport Renewal-exiting US

I have recently renewed my Indian passport. Now i entered US with my old passport. My question is when i exit US, the airlines sent my details to US CBP so that they have the record of my entry/exit. I believe this is tracked using passport number. Since now i have a new passport with a new number, do i book ticket with my old passport or new passport. How will CBP track my departure if new passport number in used by airlines to book ticket?


hong kong citizens – BNO passport lists my other passports under OBSERVATIONS. Must bring those other passports whenever I use BNO?

HM Passport Office issued me British National Overseas passport. I have Hong Kong passport. I DON’T have actual British citizenship! NO UK Visa, NO right to abode in UK.

I want to confidential. I don’t want to say what countries passports list under OFFICIAL OBSERVATIONS.

Do I must carry all those other passports on me if I travel on BNO? After immigration officer sees BNO and OFFICIAL OBSERVATIONS, will officer want to see all my other passports under OFFICIAL OBSERVATIONS?

What if I use BNO when I travel to country NOT U.K. ?What if not UK immigration officer sees BNO and OFFICIAL OBSERVATIONS? What if I fly to Japan and show Japanese immigration officer BNO?

mount – WD “My Passport Ultra” not recognizes in kubuntu 20.04

Works fine on my wife’s Mint 19.3 machine

[29439.367051] usb 2-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[29439.367055] usb 2-3: Product: My Passport 259F
[29439.367057] usb 2-3: Manufacturer: Western Digital
[29439.367060] usb 2-3: SerialNumber: 575847314136364543394A45
[29439.378717] usb-storage 2-3:1.0: USB Mass Storage device detected
[29439.379044] scsi host3: usb-storage 2-3:1.0
[29440.420867] scsi 3:0:0:0: Direct-Access WD My Passport 259F 1015 PQ: 0 ANSI: 6
[29440.421162] scsi 3:0:0:1: Enclosure WD SES Device 1015 PQ: 0 ANSI: 6
[29440.423381] sd 3:0:0:0: Attached scsi generic sg1 type 0
[29440.423716] ses 3:0:0:1: Attached Enclosure device
[29440.424076] ses 3:0:0:1: Attached scsi generic sg2 type 13
[29440.433722] sd 3:0:0:0: [sdb] Spinning up disk…
[29441.466219] .
[29472.072189] usb 2-3: reset high-speed USB device number 12 using xhci_hcd
[29472.221039] ses 3:0:0:1: Failed to get diagnostic page 0x1
[29472.221045] ses 3:0:0:1: Failed to bind enclosure -19
[29472.233248] not responding…
[29652.246770] sd 3:0:0:0: tag#0 timing out command, waited 180s