ACC has 'an almost cavalier attitude' to clients – privacy commissioner
-
Strengthening board governance of personal information management.
-
Stengthening privacy leadership and strategy.
-
Enhancing ACC's privacy programme.
-
Strengthening the organisational structure.
-
Strengthening privacy accountability.
-
Reviewing and updating business processes and systems.
-
Providing additional resources to clear backlogs on privacy related processes.
Among some of the changes, the board will be required to include the word "privacy" in its terms of reference for committees responsible for privacy monitoring.
The recommendations also call for better staff training and "day-to-day" leadership of ACC's privacy programme.
There is also a recommendation to treat security as a business issue, rather than an IT issue and establish a clear process for managing "near-misses" and privacy breaches
ACC will also be required to shift its culture to include privacy, while encouraging staff to immediately report issues and near-misses.
Earlier this year, then-ACC chief executive Ralph Stewart admitted a staff member mistakenly sent out details of more than 6000 claimants by email to Ms Pullar in August last year.
He said a spreadsheet with records of the name of the client, their claim number and local ACC branch were attached to the email.
Two hundred and fifty people with sensitive claims could be identified. Those claims are made when sexual abuse or assault results in a mental injury.
The Pullar affair subsequently led to former ACC minister Nick Smith resigning his portfolios, ACC board chairman John Judge’s departure, along with Mr Stewart, deputy chairman John McCliskie, director Rob Campbell and then board member Murray Hilder.
ACC interim chairwoman Paula Rebstock has welcomed the recommendations and says ACC will be implementing them in full.
She acknowledges the events of the past six months have raised serious questions about the insurer's management systems and its privacy.
"If something goes wrong, we must have systems to respond quickly and appropriately, and just as importantly, we need to find out what went wrong so we can try to prevent it happening again."
Meanwhile, Ms Provost's report will be tabled in parliament later today.
She launched her investigation in April.
At the time, she said her investigation would cover aspects of ACC’s governance not being examined elsewhere, including:
- Policies and practices at ACC for managing risks relating to conflicts of interest, legal compliance, and communications between board members and clients and staff.
- Policies and practices that apply when claimants personally contact board members.
- How any matters relating to Ms Pullar that came to the attention of the board or individual board members were dealt with on any other matters that the auditor-general considers it desirable to report on.
ACC has since apologised to those claimants whose details were leaked.
Back to home
Back to top
Print
Latest
NBR SERVICES
SUBSCRIPTIONS
Sign up for NBR subscriber content or email alerts
Comments and questions10
John Judge's stewardship.. great ! NOT !
Real scary for the ANZ.
Judge's attitude towards conflicts of interest are more worrying that his cavalier attitude towards privacy issues
Have you seen the OAG Report: http://www.oag.govt.nz/reports/2012/inquiry-acc-board-level-governance
The Minister treats ACC as a Government Department! Sounds like the MInister is interfering with ACC operational matters. The SSC should integrate the Ministers' actions.
Why should it care. It cannot loose income no matter what.
Watch that situation change very quickly once exposed to competition.
You are onto it, exactly right, also a private insurer would not be seen as such a soft touch for blackmail either, unlike a Gov. owned one that must lean towards losers demands in case the claimant might rush off to the media.. Cheers
I still haven't heard/seen/read a valid reason why Bromwyn Puller needed to "hold onto" all this private information in the first place?
Why didn't she just inform ACC of their human error, delete it and go about her own business? Why the need to keep all this information until her case had been finalised?
The cynic in me can't help but wonder if some form of stand-over tactic was being attempted on ACC?
Seems there's some really dodgy, whiffy rational and reasonings goings on.
Bronwyn could always front-up and explain in her own words...
She has done and has answered all your questions and addressed all your issues. But if you had noticed, would it have changed your stirring regardless?
No, I understand she answered the questions she wanted to answer, and the real tough questions were avoided in a craftily staged interview tightly managed for its PR effect...
Because if she had simply informed them and then away she went, then firstly they would likely have done nothing about fixing this breach, and secondly the public would have been none the wiser as to how ACC regard their private information.
I have done a huge number of assessments through ACC, and I'm guessing that is not the case with you, as you seem to have no real idea of how sensitive and personal that information is. Internal ACC policy states that only your case manager and the medical advisor should ever see your medical information - yet when most claimants get their file it appears that half of ACC has read, passed on, commented or gossiped about the content of their reports. Would you accept that from your doctor or lawyer? I think not.
You go Solidarity, with you all the way.