Handling of privacy gaffe 'disappointing'
Work and Income has apologised for giving a client's private details to another client and then failing to treat the blunder seriously enough.
The document containing the client's details was given to Whitireia Polytechnic journalism student Jean Eltringham in a pile of other papers during a meeting at the agency's Kapiti Coastlands office last month.
The one-page application for financial help shows contact details, a client number, weekly income and money owed by a Paraparaumu benefit recipient.
When Mrs Eltringham rang the Work and Income call centre to report the mistake, she was told to destroy it herself. She offered to hand it back to the Work and Income office, but the call centre worker told her there was no need.
The beneficiary whose privacy was breached said it was an unpleasant surprise, and she had not been informed by Work and Income.
“I'm quite upset about it and disturbed that my privacy hasn't been respected. Because it's the same office, it could have been someone who knows me. My biggest fear is that someone else would use it to commit fraud and I'd get done for it.”
The incident comes in the wake of the privacy scandal that saw ACC email sensitive details about more than 6000 claimants to a client.
After the release last month of two inquiries into the breach, Privacy Commissioner Marie Shroff said ACC's troubles served as a timely warning to similar entities.
"Agencies that hold large amounts of personal information should be taking note of what has happened at ACC and learn from its mistakes. Many organisations will recognise it could just as easily be them in the headlines."
Work and Income head Debbie Power said the mistake was due to human error but the agency's processes for handling privacy breaches were not followed.
"More care should have been taken and this has been reinforced with the case manager."
They had since apologised to the client whose privacy had been breached.
"This incident is a disappointing reminder that we must be ever vigilant and ensure our practices when handling client information are impeccable."
Three Work and Income staff were fired in July after a review into misuse of client information found that nearly 10 per cent of frontline staff surveyed had breached the department's own code of conduct by inappropriately accessing information.
Privacy expert Jonathan Forsey from law firm Duncan Cotterill said the incident represented a cavalier approach to personal information in large agencies.
“It's clearly a breach of the obligations of [Work and Income] under the Privacy Act, both in terms of safeguarding information they hold, and in terms of informing the provider of information that it's been disclosed to a third party,” he said. “Financial information and contact details can readily be used for benefit fraud or identity theft, so it is a significant breach.”
Assistant Privacy Commissioner Katrine Evans said public sector agency policies must ensure continued protection of clients' privacy after a breach.
“Any major agency that handles huge amounts of personal information is bound to have the odd mistake, but it's the putting right that counts.”
The Dominion Post