EQC chief offered to quit
Cabinet minister Gerry Brownlee says Earthquake Commission chief executive Ian Simpson offered to resign over a mass privacy breach - but he still has full confidence in the civil servant.
In a privacy blunder, an EQC staffer sent a spreadsheet containing estimated repair costs and other details on damaged properties on Friday.
EQC at first believed 9700 claims were affected, but yesterday revealed the breach was much more extensive.
Simpson and chairman Michael Wintringham met Canterbury Earthquake Recovery Minister Brownlee in Wellington this morning to explain what went wrong. Simpson was reportedly late for the meeting.
Speaking to reporters afterwards, Brownlee confirmed Simpson made the offer to quit, but he rejected it.
"I think he's done a very good job over a period of time. This is a most unfortunate incident ... He said he understood it caused embarrassment to the Government and said that if he was a casualty of that he certainly understood that," he said.
Simpson had made the same offer to EQC's board.
"They said they wanted him to get on top of the problem," Brownlee said.
Brownlee said progress on claims should not "stumble in any way over this unfortunate incident".
The EQC information was sent to Bryan Staples, boss of insurance advocacy company Earthquake Services.
Staples said he had not leaked information to Labour, but there were five other people in the room when he got the email, which he subsequently deleted.
He said it was "every bit of information that every homeowner in Christchurch has been trying to get out of EQC for years".
He has promised not to make any information public, but he wants the data to be released to homeowners.
"I'll take him at his word," Brownlee said.
"What I do note is that the deal to get the email destroyed occurred about 40 minutes after it was sent. For five people to have viewed it in that time is somewhat unusual ... You would have to had a few minutes at least to work out how to get into those files."
Brownlee said calls for the information to be released were "quite unreasonable."
"Anybody can call up EQC and can get their scope of works provided to them,'' he said.
''What they won't get is the estimate of costs that EQC put on it because obviously we want tradespeople who are doing that work to compete for the work.
"If you say right up at the front what you expect to pay you'll end up paying more. That would come straight out of the pockets of taxpayers."
Brownlee said the EQC had "massive" databases. "Of course they should be careful; that's the issue."
An "auto-address" system had brought up the emails of frequently contacted people.
"Mr Staples' name was among those and his name got attached to the email," he said.
"They are working very hard to put in new protocols that should prevent it happening. In the end, the wrong address got put on an email."
A spokesman for Brownlee confirmed Btrownlee's name was not on the database because his claim was greater than $100,000.
Labour leader David Shearer said the mistake was the third major breach by a government department. and basic safeguards were still not in place.
"We have to get to the bottom of why it is government departments can release sensitive data like this over and over and over," he said.
Privacy Commissioner Marie Shroff had said departments needed to be much more secure with information.
EQC STAFFER SHOULD KEEP HER JOB
Earlier today, Prime Minister John Key said the woman who accidentally emailed out the details of more than 80,000 Earthquake Commission claimants should not be sacked.
An inability to open a simple Excel spreadsheet meant EQC initially understated the number of people affected by the embarrassing privacy breach on Friday morning.
The organisation yesterday revealed EQC's leaked spreadsheet held details of 98,000 claims from the 83,000-plus claimants, who make up the entire Canterbury EQC home-repair programme.
Key said the breach was down to "human error".
"I don't know the woman involved that sent out the email, but I've seen her name in the paper and I suspect she's probably mortified,'' he said.
''I'm not saying we don't take responsibility and people don't seriously go back and look and see how these things happen.
"I'm just simply saying that ... if one of your employees made a mistake, as happens because we get them on the other side ... would we really go out there and sack that person? I don't know; it seems a bit hard to me."
Key said there was a "political element" to the outcry.
He said his office got an email recently from a journalist "we should never have got" but agreed to delete it.
"It was a ripper, but because we have a constructive working relationship, we deleted it. In the end, we could have used it ... but sometimes we take the moral high ground here on the ninth floor of the Beehive."
The row erupted on Friday after an EQC senior staffer sent an email with the Excel data attachment to Christchurch businessman and persistent EQC critic Bryan Staples.
He deleted the information and signed a statutory declaration that he did not copy it.
Staples, who owns Earthquake Services Ltd, went public yesterday, saying he wanted the EQC to disclose the information to the individual householders.
"This is stuff everyone has a right to know," he said.
"From EQC's perspective they could not have sent it to a worse person. I have spent two and a half years trying to get EQC to be transparent and to deal with homeowners fairly."
The inability to open the Excel spreadsheet was a further sign of EQC incompetence, he said.
"I opened it with three clicks of the mouse. I had to tell them how to do it."
Staples said he received the email from claims process manager, repairs, Susan David about 8am on Friday and was astounded.
"She then realised what she had done and asked me to delete the email."
An EQC fraud investigator called, asking him to destroy the email and to sign a statutory declaration.
Staples said he was not the only person to see the email, which listed the household's claim number, asbestos rating, EQC tolerance approval, which aspects of the claim were on hold, land information, whether the address was awaiting assessments, engineer's report, the EQC supervisor, the contractor's name and quote, and the EQC's value of damage estimate.
Four other people were in the room when it was received by Staples. He did not want David punished as she was one of the better EQC people to deal with, but he wanted the incident to lead to transparency and accountability.
'This is the perfect opportunity for EQC to come clean, open up their books and be as transparent as glass."
Staples claimed he had been told his phones could be tapped and he could be the victim of a smear campaign after receiving the information.
"You have no idea the hell I've been through since Friday morning."
Staples said he looked up the information for one of his clients on the list for whom his company had done repair work, costing $55,000.
The EQC had said $55,000 was too much and had cash-settled for $30,000 with the homeowner, but the spreadsheet showed the EQC had allocated $59,000 for repairs.
Staples said he started his business with independent assessments, then developed a claims resolution service.
Earthquake Services was managing over $200 million worth of claims and was owed $500,000 to $700,000 by the EQC. His firm had conducted over 1000 assessments.
"I'm in this game to help people," he said.
He said he did not want the leak to become a political football.
"Let's use this opportunity to make real change."
To questions from The Press, an EQC spokesman said yesterday the data was prepared for Fletcher EQR.
"We are not prepared to discuss the purpose of the spreadsheet. The data in question included only claims which were under managed repair. By definition these claims were not in line for a cash settlement,'' he said.
"We are not prepared to compound the privacy breach by indulging in speculation about the contents of the spreadsheet."
EQC chief executive Ian Simpson said the staffer would not be disciplined and did "everything right" after the initial mistake.
"The accountability for privacy at EQC sits with me ... The person involved is distraught over this ... What we need to do is make sure that people aren't put in a position where they feel they need to try and email this data," he said.
Yesterday he said that when the breach was first announced to the media last week, the fact information on the other 73,000 claimants could be accessed using the spreadsheet's pivot table tool was not apparent.
The email referred to homes requiring repairs costing between $15,000 and $100,000, he said.
The scale of the breach meant the EQC would not be contacting each claimant to inform them, but would be taking out advertisements in Christchurch newspapers.
An independent review would advise EQC on email security.