A victim of several ACC privacy breaches has an increasing pile of apologies, but says nothing has changed since she requested action on the organisation's handling of personal information years ago.
The Government agency's privacy practices are under investigation by the Privacy Commissioner after it was revealed in March that it sent whistleblower Bronwyn Pullar 6500 clients' private details, including the names of victims of sexual abuse and other violent crime.
The commissioner is believed to have sent a letter to people who have made a complaint about the breaches, asking them to explain their preferred outcome and provide evidence about how they had been "significantly hurt".
But one complainant, a sensitive claims unit client, said in cases like this privacy laws were a "toothless wonder".
She said a letter she received from the Privacy Commissioner's assistant commissioner of investigations, Mike Flahive, last week minimised the latest privacy breach.
And she believed it invited her to direct the blame on Ms Pullar instead of the corporation. It "smacks of state bullying", she said. "Had they listened to the concerns of complainants way back, then we may not have been in the position we are in now."
She did not want compensation, just action.
An ACC spokesman said the corporation did not comment on individual claims.
The woman said ACC had dealt with "stacks" of her complaints about privacy breaches before, dating back to 2006 when it had first breached her privacy.
She was tired of repeatedly getting letters that had "become meaningless and trite" and containing apologies.
Mr Flahive indicated in the letter that if ACC's information handling practices were not up to the expectations of the Privacy Act, it would be dealt with by "agreement with the commissioner". If an agreement could not be reached court action was possible.
The breach in question was at the "low end of potential breaches that occur in any agency" so in most cases an apology was appropriate, he said.
"However, there may well be exceptional cases where the hurt is truly significant and there is evidence in support."
A statement from the office of the Privacy Commissioner said about 75 letters had been sent out to those who had raised complaints about the disclosure of ACC material in March.
The commissioner's office had to be satisfied that a privacy principle had been breached and that the complainant had suffered harm before finding an interference with privacy.
"In some cases, the harm might be a loss of dignity, humiliation or injury to feelings. The Privacy Act requires this harm to be `significant'."
The process then looked at reconciliation – past settlements included an apology, an assurance an action would not recur, monetary compensation or smaller gestures, such as vouchers.
An earlier version of this story wrongly attributed the statement from the office of the Privacy Commissioner to an ACC spokeswoman.
- The Dominion Post
Is New Zealand's airport security stringent enough?Related story: Risky objects bypass Wellington Airport security