A legal recruiter has emailed hundreds of people asking them if they want a job at a US firm, without hiding any of the potential candidates' names from one another, and using their work email addresses. It has reported itself to the Information Commissioner's Office.

"Good afternoon", wrote the young consultant at Ryder Reid Legal to hundreds of business development and marketing staff at dozens of firms. "I hope you don't mind me getting in touch". (They did.)

"Our client, a prestigious US law firm", she continued, was seeking a business development specialist for its "impressive" London office. The firm wasn't named, but it was described as being "ranked number 2 worldwide in terms of revenue" (which would make it Latham & Watkins) with a New York HQ (which means it's not). 

471 individuals received the invite to "hear more" about the opportunity of an "attractive, negotiable salary, coupled with an enviable benefits package". Unfortunately, 470 other recipients could see they had received the invite, making their interest in moving job rather more public than intended. 

Because the invitation was sent to people's business email addresses, identification of the competition was even easier, as was the likelihood that colleagues with access to work accounts would learn more than they should about the recipients' itchy feet.


Ryder Reid's new keyboards.

A BD manager at Baker McKenzie was unimpressed, responding, "I don't think this was an appropriate email and I am pretty sure this is a breach of GDPR". She told the company, "Please refrain from emailing Baker McKenzie email addresses directly in future".

Ryder Reid "have just landed themselves in the shit", said a source. "The best bit", they added, was that the Baker McKenzie manager hit 'reply all' on her response. "Whether that's also a mistake or she just wanted to share the dressing down with the other 500 recipients, who knows?"

In a statement the company said, "Unfortunately a member of our staff made a human error whilst not following company processes". 

"As soon as the error was detected", it continued, "we contacted the ICO to discuss the matter to ensure it was handled correctly. We apologise for any inconvenience this error has caused the recipients." 

Ryder Reid said that as a result of the mistake, it had conducted an internal investigation and review and was "delivering improved training to prevent such errors in the future".

All publicity is good publicity though, so read on and feel free to apply:


Just don't reply all.


Tip Off ROF


Common sense 25 October 19 11:18

No, because they were simply replying to an email chain that they were a participant of.

Anonymous 25 October 19 12:10

They clearly have no regard for my firm as a client as now I have been able to see them openly headhunting out from us. Disgusting and clearly desperate simply mailshoting that many candidates, utter embarrassment how far they have fallen. 

Chris Kamara 25 October 19 12:50

Unbelievable Jeff, they've had an utter nightmare there Jeff, an utter nightmare; They'll not come back from that one Jeff!

Intrigued 25 October 19 13:29

The question is, is the BD manager still going to apply for the role? 

Keep us updated. 

PA at US Law Firm 25 October 19 13:43

Starting to feel a little offended that they didn't send an email to my work address. I suspect my firm will block the companies email address's now seems to be the word.

Anon 25 October 19 14:17

That is hilarious. Another awful legal recruitment agency showing themselves up once again! The fact they are messaging a large amount of people's work email addresses just shows how desperate they are. It is completely unprofessional and certainly isn't personal at all using blanket emails. 

Looks to me like the agency should be looking at their approach more than the individual itself. 

Anonymous 25 October 19 14:45

"They clearly have no regard for my firm as a client as now I have been able to see them openly headhunting out from us."

Mate, so are the rest of the recruiters you're using.  (Well maybe not quite as openly as this, but...)

Savage Ogre 25 October 19 15:49

As awful as this agency actually is, they have some incredible hotties as staff... [redacted] *drools*

Anonymous 25 October 19 18:30

Independent to the disastrous breach of GDPR which in itself could lead to the downfall of any agency, I think the significance of an agency willingly disrespecting their own clients by headhunting out of them and sending emails to work addresses highlights this agency's lack of morals and company care.  The breach was clearly an error, and the agency will receive the relevant financial penalty but the intent of client and candidate disrespect was premeditated and deliberate. Being employers and HR professionals we have to ask the question who would use this agency again, either as a client or candidate if we can not trust we will receive discretion or honesty, the answer is clearly WE CAN'T!

Hey I know these guys 25 October 19 23:23

Almost exclusively, as I recall, Ryder Reid business was from US law firms based in London (10+ yrs ago). You could see the recruiter's eyes glaze over when I informed them that I did not have previous paralegal experience working for US law firms. Never got a call back. On the plus side, they provided me with a confirmation letter stating I was registered with them straight after the interview - helped me pass the necessary ID checks to enable me to rent a property. Not all bad ... :-)

So many questions. From what you can see there are personal e-mails which I'm guessing prospective candidates disclosed? So maybe the firm e-mail addresses were also disclosed by the job-seeking employees - do they deserve the blame rather than RR? Or was this a LinkedIn cull-and-paste job? I thought one of the exceptions to a cold approach under GDPR was "legitimate business interest"? On the flip side, agree that disclosing PII is always going to be a bad thing.

The major questions: Are these failures significant enough for firms to think twice about instructing them? Or will this blow over like the massive data breaches we have seen in other sectors over the past few months? 

Anon 26 October 19 12:14

Gosh...the poor girl who wrote the email...has anyone given any thought to how she is feeling, awful I bet. It could have happened to anyone.

As for condemning the agency, I get that it is a mistake and ultimately their responsibility but unless they sit with everyone and watch what they are doing, human mistakes can happen.

I don't know their processes so don't know if it could have been avoided but having worked with them in the past as a client and candidate, I've always found them to be professional and friendly. From the article it seems they have also handled it well by speaking to the ICO for advice.

a perfectly normal human being 27 October 19 00:28

"They clearly have no regard for my firm as a client as now I have been able to see them openly headhunting out from us"

Do you imagine them to be under a duty to refrain from headhunting from firms that hire them?

How would their business work if they followed that principle?

Human 27 October 19 23:11

Assuming she copied all, I think the Baker McKenzie response was considerably more cringe worthy than the original. To everyone out there determined to cc in witnesses and bystanders as you sternly dispense what may seem to you to be Solomonaic judgement by email - chances are you are being a pompous ass.

To RR crisis manager 28 October 19 12:45

Dear "Anon 26 October 19 12:14" / RR Crisis management attempt

1 No one said it was a girl

2 Policy, process + training = De rigeur for any job (and pls don't claim its because she was a new hire - in which case supervisor has to carry the can)

3 "Speaking to the ICO" - Is that all? Really poor and too late. Insert other lame excuse "The person involved is undergoing training"

I feel for SMEs chafing under the burden of the 1998 Act, magnified by the GDPR principles added in 2018. However, recruiters deal with PII day in, day out and have to tick all the boxes when signing up to work for the big boys. Not good enough, sorry.

Related News