Part One was Page boasting that it recruited 300 people for a data giant while sending one Lee Thompson another Lee Thompson’s unredacted candidate material. Part Two is nastier. Page did not just leak the wrong man’s data. It did it while burying disability-discrimination-relevant material under black rectangles. Funny how the marker worked when Page needed cover, then suddenly fucked off when someone else needed privacy.
Previously, On The Wrong Lee Thompson
Last time, TCAP looked at Page Outsourcing’s trophy case for Serasa Experian. Page did not present it as a minor staffing job or a quiet bit of recruitment plumbing. It framed the thing like a victory parade: 300 technology and finance professionals, a new shared services centre in Brazil, complex technology roles, bespoke recruitment, profile alignment, onboarding support, ATS information management, satisfaction surveys and the usual wet corporate confetti about “lives changed”.
Then I asked Page for my own data.
Page sent me another man’s candidate material.
Not a harmless typo. Not a mislabelled folder with nothing in it. Another Lee Thompson’s material sitting inside my data subject access response, while Page was responding to a request connected to a live disability discrimination dispute. Different man. Same name. Apparently that was enough for the recruitment experts who sell screening, precision, candidate care and data confidence to multinational clients.
But that was only the first layer of rot. The sharper point is not simply that Page exposed the wrong man’s data. It is that Page managed to do that while sending me a huge pile of redacted shit about my own disability discrimination claim.
So Page could find the black marker when the material was about who said what, who knew what, who discussed my mental health, who handled the Cepac application, who panicked, who googled me, who called legal, and who helped build the story after I complained. Yet somehow, when another man’s private candidate material wandered into my file, the same data-handling machine turned into a fucking sieve.
That is the article.
Page Picked A Data Giant
Serasa Experian is not some random client Page once helped staff up after a sales manager got overexcited on LinkedIn. It is a credit data giant. Page’s own case study describes Serasa as the Brazilian subsidiary of Experian, a multinational credit reporting company collecting and aggregating information on more than one billion people and businesses worldwide.
That matters. This was not Page standing next to a sandwich shop. This was Page standing next to a data empire. Identity. Records. Matching. Risk. Creditworthiness. Databases. Profiles. Files. Scores. The whole unpleasant furniture of modern life, where a human being becomes a searchable record and then some machine decides whether the world should trust them.
Page knew exactly what sort of client it was polishing. Its case study talks about technology roles, development roles, database roles, architecture roles, project roles, BI roles, finance roles and end-to-end recruitment delivery. Page was not just throwing CVs over a wall and hoping someone liked the font. It was selling itself as recruitment infrastructure for a company whose whole public value proposition depends on getting people right.
Then Page got me wrong.
And then Page got the other Lee Thompson wrong.
Then Page got the redactions wrong in the most revealing way possible: black out the discrimination trail, leave the wrong man exposed.
Beautiful work, lads. Precision recruitment with the accuracy of a drunk photocopier.
The Black Marker Knew Where To Go
Page’s DSAR response is where this stops being merely funny and starts smelling like a corporate bin fire.
I asked Page for records about my Cepac application. Not gossip. Not vibes. Records. CVs, internal notes, suitability assessments, screening notes, emails, internal discussions, documents exchanged with Cepac, call logs, notes about my interview offer, records of when and how Cepac responded, discussions about my mental health condition or reasonable adjustments, and reasons for not proceeding with the interview.
That was the request. A disability discrimination request. A recruitment-dispute request. A request where Page’s handling of my data, my application and my health disclosure sat right in the middle of the factual mess.
Page’s response said third-party data had been removed under Article 15(4). It said emails related to me had been included with third-party information redacted. Fine. Nobody is saying they had to throw every unrelated person’s details into the road. But the optics are filthier than a blocked drain.
Because the material relevant to my claim arrived with heavy redactions. Names gone. Email blocks blacked out. Trails chopped. Context interrupted. The stuff that might help show who handled what, who was told what, who knew about the alleged mental-health issue, who contacted whom, and who started building the “nothing to see here” narrative was buried under Page’s compliance blackout.
Then, in the same data-handling masterpiece, Page sent the wrong man’s candidate material.
So the black marker did work.
It worked when Page needed to protect the internal machinery.
Then it worked when the trail led through a disability discrimination dispute.
It worked when the file might show how the sausage was made after I complained.
But when another private individual’s candidate material ended up in my DSAR pack, apparently the marker went out for a fag.
That is the killer asymmetry. Page did not just make one sloppy mistake. Page showed two different standards in the same disclosure: caution when the material might embarrass Page, carelessness when the privacy belonged to someone else.
The wrong Lee. The right redactions. The perfect fucking metaphor.
More Than 220 Million Files In The Wind
Now place that next to Serasa Experian.
In 2026, Mishcon de Reya said it was acting in a High Court claim on behalf of Brazilian individuals affected by a leak of over 200 million individuals. Agência Pública reported that the English courts would hear one of the biggest data leak cases in Brazil’s recent history, concerning around 220 million people and seeking to hold Serasa and other Experian group companies responsible.
Serasa denies that its systems were invaded. That denial matters and it goes in cleanly. TCAP is not saying a court has found Serasa liable for the mega leak. Or that Page caused any Serasa breach. TCAP is not pretending allegations are findings.
But Page Partners is not built on pretending Page caused every client controversy. It is built on something simpler and more corrosive: Page chooses its trophy wall, and then TCAP checks what is hanging behind the frame.
Here, Page chose a credit data giant. A company operating in the world of identity, personal records, consumer files and data confidence. A company whose group universe is now publicly tied to mega-leak litigation in England, while Serasa maintains its denial. That is already a grim enough atmosphere.
Now add Page’s own contribution: redacted discrimination-relevant DSAR material for me, unredacted wrong-man material for someone else.
The credit file comes back wrong. The CV comes back wrong. The name comes back wrong. And Page still wants to act as though the scandal is that I noticed.
R$0.98 For A Human Being
The mega-leak claim is not the only public data stink around Serasa Experian.
Brazil’s Federal District Public Prosecutor’s Office brought proceedings over Serasa Experian’s sale of personal data. Public reporting and legal summaries of the case say the action concerned services such as “Lista Online” and “Prospecção de Clientes”, with data including names, addresses, CPFs, phone numbers, location, financial profile, purchasing power and social class, allegedly sold for advertising and customer-prospecting purposes.
The number that does the damage is R$0.98 per person.
Less than one real for a human being.
That is not TCAP poetry. That is the sort of figure that makes the whole data-broker economy look exactly like what it is: people rendered into ingredients and priced for the next marketing stew. Name. Address. Tax number. Phone. Location. Purchasing power. Social class. All the little pieces of a life laid out like cuts on a butcher’s counter.
Again, Page did not create that case. Page did not write Serasa’s business model. Page did not invent Brazil’s data economy. That is not the allegation.
The allegation is about Page’s judgement.
Page looked at that world and saw a trophy. Then built the case study. Page told the market about the lives changed. Then helped staff the machine. Then Page, when faced with its own data-rights moment in a disability discrimination dispute, gave me redacted sludge for the parts that mattered and the wrong man’s private material for the parts that should never have been there at all.
That is not an unfortunate coincidence. That is the smell of a company that has spent too long confusing people with paperwork.
The Dutch File Wasn’t Pretty Either
The wider Experian atmosphere does not exactly smell of lavender.
In October 2025, the Dutch Data Protection Authority announced a €2.7 million fine against Experian Netherlands for privacy violations. The regulator said Experian had supplied credit assessments about people to customers until 1 January 2025 and had collected data such as negative payment behaviour, outstanding debts and bankruptcies. It said Experian had stopped the work in the Netherlands and would delete the database of personal data.
Keep this clean. Different entity. Even a different jurisdiction. Different facts. This is not Serasa liability.
But it is still part of the weather system around the name Page chose to polish. Brazil. England. Netherlands. Credit files. Personal data. Profiles. Claims. Regulators. The same general corporate universe where people are reduced to records and then told the system is too clever to be questioned.
And over here, Page cannot even manage “which Lee Thompson”.
There is something almost artistic about the stupidity. A recruitment company sells itself as a careful handler of people and records. A credit data client sells the world confidence in files and identity. Then my DSAR arrives like a little black-comedy exhibit from the museum of corporate arse-covering: Page hides the uncomfortable internal trail, but lets the wrong man’s data walk straight into my inbox.
If Page had tried to script a better TCAP article for me, it would have pulled a muscle.
Even Facebook Found The Door
Back in 2018, Facebook ended its partnership with Serasa Experian in Brazil as part of wider changes after Cambridge Analytica torched public confidence in third-party data targeting. Reporting at the time said the Serasa partnership had supported advertising segmentation, including income-based targeting, and Serasa said the partnership involved anonymised data and that it complied with Brazilian law.
Again, that caveat goes in. This is not a claim that the Facebook partnership was unlawful. It is a public-pressure point about atmosphere, judgement and the stink around data as product.
Because when Facebook, hardly the Virgin Mary of privacy, starts edging out of the third-party data room after Cambridge Analytica, maybe check what everyone else in the room is selling.
That is what Page never seems to grasp. Public records matter. Optics matter. Client trophies matter. Data stories matter. If you boast about a client, you invite people to inspect the underside of the trophy. If you brag about recruitment precision for a credit data giant, do not then send a disabled claimant a DSAR that looks like a blackout poem stapled to someone else’s CV.
Page put Serasa Experian on the plinth.
TCAP just read the little brass plaque.
Page Changed 300 Lives. It Sent Me The Wrong One.
Page’s Serasa case study says “lives changed: 300”.
There it is. The phrase that keeps coming back with a knife in its hand.
Lives changed. Processed. Mapped. Lives onboarded. Put through systems. Lives converted into case-study copy for a recruitment firm that apparently treats data accuracy as a branding exercise until someone asks for the actual file.
My own life was changed too. Not by Page’s heroic recruitment expertise, but by its handling of a disability discrimination dispute, its redacted disclosure, its internal panic trail, its Google-and-gossip energy, its “this candidate may be one that does this regularly” little stinkbomb, and its inability to keep the correct Lee Thompson in the correct lane.
Another man’s life got dragged into it as well. He did not ask to be in my DSAR. Not did he ask to become a punchline in Page’s data-handling circus. He did not ask for his material to become Exhibit A in a recruitment company’s tribute act to incompetence.
That is the cruellest part. The person whose privacy Page exposed is not the target. He is collateral. Page is the target. Page built the mess, wrapped it in corporate boilerplate, blacked out the bits that made itself uncomfortable, and somehow let the wrong man’s details stroll through untouched.
So no, this is not merely “wrong Lee”.
It is redacted Lee and exposed Lee.
Protected Page, protected client. Exposed candidate.
It is a disability discrimination file with black bars where the accountability should be, sitting beside a stranger’s private data that should never have reached me.
The credit file comes back wrong.
The CV comes back wrong.
The name comes back wrong.
The redactions land exactly where Page needs them.
And Page, the company that sells recruitment precision to data giants, still expects the room not to laugh.
Sources
- Page Outsourcing – 300 Tech And Finance Professionals Joined Serasa Experian To Open A Brand-New SSC In Brazil
- TCAP – Page Partners : Serasa Experian And The Other Lee Thompson
- PageGroup – Data Subject Access Request Response To Lee Thompson, 7 April 2025
- Mishcon de Reya – Mega Data Leak Case
- Agência Pública – Megavazamento: Inglaterra Julgará Ação Sobre Dados De Brasileiros
- MPDFT – MPDFT Obtém Decisão Que Suspende A Venda De Dados Pessoais Pela Serasa Experian
- Autoriteit Persoonsgegevens – Experian Krijgt Boete Van 2,7 Miljoen Euro Voor Privacyovertredingen
- Meio & Mensagem – Facebook Encerra Parceria Com Serasa Experian