Some of you will have seen the articles in the National and Strathy newspapers which led to Nick Kempe’s post (see here) about the “Toxic Culture” at Cairngorm Mountain (Scotland) Ltd (CM(S)L) and the apparent lack of action by either their senior management or board or Ms. Carrol Buxton, the Deputy CEO of Highlands and Islands Enterprise (HIE), to whom the matter was reported.

The following quote is from HIE’s website:-

Note “effective voice and respect.”

It would appear that Carroll Buxton hadn’t read that bit, but as interim CEO at the time of the initial complaint, the correct course of action would have been to refer the case to Karen Moncrieff, the current Director of Human Resources, or her predecessor, for advice or investigation!  Instead, she or someone at HIE couldn’t get off the phone quickly enough to inform Susan Smith, CEO at CM(S)L at that time, about the whistle blower’s accusations.  As the Strathy reported:

The lack of interest and concern was an absolute disgrace. HIE is owner of CM(S)L and therefore ultimately responsible for the actions of any employee. Both are publicly funded through the Scottish Government and for that reason alone an independent transparent investigation was, and still is, necessary.

The Strathy went on to report:

Mr Hurst, was, at the time of the accusations,  part-time Chief Executive of CM(S)L and still is a board member::

Mr Hurst’s failure, along with the rest of the board, to address the bullying accusations is deplorable.  After the incidents are alleged to have occurred, two new directors, Jacqueline Douglas and Inglis Lyon,were appointed to CM(S)L on 25/11/2024.  One wonders if they have done anything to address the issues or have just become part of the “Toxic Culture”?

The next quote from the Strathy shows how bad the HIE/ CM(S)L situation is although the initial question was about the funicular :-

“Highlands MSP Edward Mountain demanded an inquiry during First Minister’s Question in Holyrood saying the loss of “millions of pounds” on the project is down to an HIE “fiasco” after “nearly six years of incompetence”.

The First Ministers reply:-

Mr Swinney “refused to budge on the issue saying HIE enjoys his “utmost confidence”!!!

Unfortunately instead of learning from the past, these events seem to have reinforced the idea among senior management of CM(S)L that they are untouchable. I hope the Information Commissioner will prove that WRONG.

 

How CM(S)L and HIE are breaching data protection law

On 03/02/2025 I entered a Subject Access Request or SAR to CM(S)L asking for details of any and all information that they hold on me. This is everybody’s right under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).  According to the UK Government website on data protection (see here) :

“The organisation must give you a copy of the data they hold about you as soon as possible, and within 1 month at most”.

“In certain circumstances, for example particularly complex or multiple requests, the organisation can take a further 2 months to provide data. In this case, they must tell you:

• within 1 month of your request
• why there’s a delay

Note:  “as soon as possible”. As far as I can tell from the GOV.UK  website the 1 month is not a legal requirement but considered to be best practice,

It used to be the case under a former Human Resources manager that Freedom of Information were  answered promptly, usually next day and even on one occasion the same day. I spoke to the gentleman about this and he said “ I liked to get those requests out of the way asap but was then told by senior management to delay the responses until the last possible minute”!

Having not received any response to my SAR request, I queried the delay and received a response from the current HR co-ordinator which I have abbreviated:-

Note CM(S)L state they received my SAR ONE MONTH before I sent it!

This claim that CM(S)L needed more time to search through different systems suggests either:-

(a) holding a huge amount of information on me, or

(b) has an IT system that is completely fragmented and unfit for purpose (despite the huge amount of public money that has been invested in the business), or,

(c) senior management has again told the HR manager to hold off until the last possible minute (as they did with my FOI requests)!  or,

(d) holding information on me they shouldn’t.

The first two explanations appear unlikely and at first I thought that the real reason was perhaps that senior management had ordered the response to be delayed, as they did with my FOI requests, but someone then forgot to respond.  In responding to an FOI that was delayed the HR manager confirmed that a senior manager, whose name was supplied, is blind copied into ALL FOI responses.  Perhaps that manager ordered the response to be delayed?

The response did say, however, that the reply to my SAR should be with me by no later than three months after it had been received, i.e either by 03/04/2025 using the date they said the SAR had been received, or 03/05/2025 using the date they actually received it.

Well guess what?  On the evening of 13/05/2025 I sent this email:-

I received a reply from H.R. on 16/05/ 2025,

I sought advice from the UK Information Commissioners Office about why “external advisers” would not be involved and on 03/06/2025  wrote to the HR Manager as follows:

A week later, on 10/06/2025, I received a reply to my questions:-

2. confirmed the advisers as Brodies LLP, and

The end of the month of June, or “much sooner”, came and went and still nothing, so last Thursday 4th July I sent this email to HIE:-

After detailing all the emails between us, as above, I ended the email:

A week later, I have still had no response.  What is clear is that IF CM(S)L had problems with their IT system, as originally claimed, then they could not have sent all my personal information to their legal advisers for advice!  It appears therefore there is either some reason why senior management are not wanting to release the information or they have realised that they are in breach of the Data Protection Act and may have committed a criminal offence.

Delaying the release of the information, however, would appear only to make matters worse.  One of the points of Subject Access Requests, as I understand them,  is they allow people to correct or challenge information an organisation holds about members of the public.

I have complained to the ICO and only when the ICO makes a decision about my complaint and the actions of CM(S)L will more be revealed about the toxic management culture at Cairngorm Mountain. In my complaint to the U.K. ICO there is a question regarding potential financial penalties if CM(S)L is found guilty. I didn’t tick that particular box because I don’t believe public funds should be made to pay for mistakes the public have no control over. Its the toxic management and board culture and CMSL and HIE which needs to change.