Editorial: Evidence mounts against muddled ACC

19:59, Sep 03 2012

To paraphrase Oscar Wilde, to breach the privacy of one's clients once may be regarded as a misfortune; to do so twice looks like carelessness.

Except when the clients involved are accident victims who have entrusted sensitive personal information to the state accident insurer, ACC. Then the breaches look less like misfortune and carelessness and more like gross negligence.

The latest breach, revealed in yesterday's Dominion Post, shows the agency has learnt nothing from the earlier privacy breach, also revealed by The Dominion Post, that contributed to former ACC minister Nick Smith resigning and former ACC chairman John Judge and two other ACC board members not having their terms extended.

Then an ACC manager mistakenly attached a spreadsheet containing information about almost 7000 ACC clients to an email sent to Auckland client Bronwyn Pullar. Informed of the breach, ACC wrote to Ms Pullar, asking for the return of the material but, despite not receiving it, took no further action till the breach was made public four months later.

The most recent breach occurred a few weeks after the Pullar breach became public. The circumstances are disturbingly similar. They betray a cavalier disregard for client privacy, slipshod systems and a reluctance on the part of the corporation to admit to making mistakes.

On March 29, ACC mistakenly sent a bundle of documents relating to an elderly Auckland client, Diane Hawke, to another claimant.


The recipient did not notice the extraneous material till July when she went through the information sent to her by ACC, but when she did she emailed and called ACC several times. Despite that, Mrs Hawke did not learn of the breach till she spoke, six weeks later, to the woman mistakenly sent the information about her.

The corporation also failed to inform ACC Minister Judith Collins of what she has called a ''totally unacceptable'' mistake - a clear breach of the ''no-surprises'' policy insisted upon by ministers.

The picture that emerges is of an organisation in disarray and more concerned with maintaining the fiction that it knows what it is doing.

Less than two weeks ago, a damning independent report on the Pullar breach highlighted systemic inadequacies within ACC that increased the likelihood of privacy breaches, variable attitudes towards client personal information and a lack of accountability for addressing privacy issues.

The latest breach shows nothing has changed.

The public expect ACC to test the veracity of claims made by clients and to do all that can reasonably be done to rehabilitate them.

However, they also expect claimants to be treated with dignity and respect and ACC staff to handle sensitive client information with care, not scatter it about cyberspace like confetti.

If mistakes are made they should be acknowledged, not ignored.

Ms Collins has her work cut out.

The Dominion Post