Cavalier attitude lead to NZ's biggest privacy breach

DANYA LEVY
Last updated 14:03 23/08/2012
Bronwyn Pullar
One News
BRONWYN PULLAR: ACC claimed she attempted to extort a benefit from the corporation after a worker sent her confidential details of hundreds of clients.

Related Links

ACC refers whistleblower to police ACC whistleblower breaks silence The 'friend' linked to Smith's demise ACC whistleblower told to back claims Full list of Bronwyn Pullar's complaints against ACC Key did not help ACC whistleblower No extortion charges against ACC whistleblower Whistleblower: Only rich can fight ACC

Relevant offers

Politics

No rest for Key as schedule heats up Labour leadership contest likely Beehive Live: Now the work begins Death throes, low blows, election night had it all Fresh faces in new Parliament Shuffle ahead for National Kiwis could vote on flag next year Roy happy to be busy outside politics Wagner tightens National's grip on Christchurch Central Defeated Soper bows out of national politics

Systemic weaknesses at ACC and an "almost cavalier" attitude towards claimants and their personal details led to one of New Zealand's biggest privacy breaches, the Privacy Commissioner has found.

Culture change starting at the top of the Corporation is vital to prevent any further breaches, Marie Shroff says.

The Commissioner has released her report, commissioned by her office and the ACC board it was revealed in The Dominion Post that the Corporation inadvertently emailed the private details of more than 6700 clients, including 250 sexual abuse cases, to claimant Bronwyn Pullar.

The breach, which also forced investigations by the Police and the Auditor-General, led to the resignation of Cabinet minister Nick Smith and the departures of board chair John Judge and three other board members. Chief executive Ralph Stewart has also announced his resignation.

The report found the breach, which occurred in August 2011, was a genuine error but occurred because of systemic weaknesses within ACC's culture, systems and processes.

The management of information at ACC was "low level and defensive". It focused on breaches and complaints rather than emphasising respect for claimants and their details.

"That is not good enough, particularly in this digital age," Shroff said.

"Personal information is the lifeblood of ACC and it is vital that ACC treats that information with respect - the trust of its clients, and it many respects, the success of its operations depend on it."

While privacy awareness at branch level was good, there was a culture within ACC that had at times an "almost cavalier" attitude towards its clients and the protection of their private information.

Shroff, who interviewed 150 ACC staff for her report, also found ACC lacked a comprehensive strategy for protecting and managing claimants' information.

ACC had "elements" of privacy protection but they were not up to standards expected of a responsible public sector agency which held highly sensitive information about a large number of people.

Much change was needed to restore public confidence in ACC, Shroff said.

Ad Feedback

The commissioner's recommendations to ACC include: clear privacy policies be established, the organisational culture and privacy accountability be strengthened, its business processes and systems be reviewed and updated, and extra resources be provided to clear backlogs of privacy related processes.

Pullar said she was  ''delighted that the various investigations have highlighted the deficiencies with the way the ACC was being run.''

''It gives me great heart to hear that the Minister is going to accept all the recommendations. ''

She added: ''I believe this outcome will provide much better and fairer processes for all New Zealanders who have dealings with ACC.''

ACC's interim chair Paula Rebstock says the Corporation will be implementing the recommendations in full.

"The events over the last six months have raised profound questions about our management of information."

ACC had to show its customers and stakeholders that change was occurring quickly, she said.

"We need processes that help minimise errors with safeguards to provide checks and back-ups. If something does go wrong, we must have systems to respond quickly and appropriately, and just as importantly, we need to find out what went wrong so we can try to prevent it happening again."

 

 

- The Dominion Post

Comments

Special offers
Opinion poll

Where do you stand on political coat-tail riding?

If it gets marginalised voices into Parliament, I'm for it.

I'm against it - if you don't get the votes, you shouldn't be there.

It's just part of the political game.

Vote Result

Related story: Voters reject riding on the coat-tails

Featured Promotions

Sponsored Content