The number of inquiries into ACC's mass privacy blunder has widened, with the Office for the Privacy Commissioner announcing it will investigate not just the huge breach of privacy but also the corporation's standards for securing personal information. The inquiry, announced yesterday, follows calls by ACC Minister Judith Collins for an urgent report from ACC on the breach.© 2012 Fairfax New Zealand Ltd
A sensitive claims client whose privacy was breached said the corporation had apologised at least nine times for previous breaches. The client has written to ACC chief executive Ralph Stewart asking why she should believe the corporation's mantra it "takes the privacy of its clients seriously".
ACC also gave her repeated written assurances that only three people in the sensitive claims unit had access to her files, she said. "Why then were at least 50 other team managers, including case managers external to the unit, privy to my information?"
Calls have been mounting for an independent report into ACC's privacy processes this week after it was revealed more than 9000 claims - some featuring well-known people - were emailed to a person who should not have received them.
Senior management at ACC were told three months ago that they had possibly made the biggest privacy breach in New Zealand history but, apart from asking for the data back, they failed to investigate or contain the breach. The details revealed included full names, the nature of each claim and dispute, and individual claim numbers, as well as personal information on nearly 250 claims within the sensitive claims unit. Some of the names were public figures, and others were victims or alleged victims of violent and sex crimes.
The unit claimant - who is not the recipient of the 9000 claims - said she had been grossly misled by staff who had told her that her name and details would not go outside the unit. "Clearly my information is available to all and sundry within ACC and external to ACC," she told Mr Stewart. "Your reassurances on many media forums [yesterday] that this is a one-off is completely meaningless and trite, when in fact privacy breaches keep on occurring."
The client was sick of getting "the same apology letter" saying "on this occasion we have fallen short of our expectations and we have put in place systems that will prevent this happening again". She told Mr Stewart: "I simply do not believe you or ACC any more and I have no faith, trust, confidence or belief that this will not occur again."
Mr Stewart said he would respond to the client "directly".
Ms Collins said yesterday ACC needed to improve its privacy processes "straight away". She was also critical of the claimant not returning the data to ACC immediately.
The sensitive claims client said that criticism was appalling because the client did not divulge any confidential details from the files they had been wrongly sent.
"The minister is blaming the ACC client.
"But it was ACC management who were told about it and it was ACC who breached our privacy, not the poor recipient."
The Dominion Post was also contacted by two ACC clients yesterday who said that, when ACC called to say their privacy had been breached, they were told the breach was of "no concern" and the newspaper was hyping it up.
"Actually it's up to me to decide if I'm concerned my privacy has been breached," one client said.
SLOPPY PRIVACY PROTECTION, SAYS CLIENT
A man who was paid $12,000 by ACC for breaching his privacy was later sent sensitive information by the corporation relating to fraud investigations. Even after being ordered by the privacy commissioner to pay Bruce Van Essen $12,000, ACC then sent him a document identifying six people, and their case details, who were under investigation.
Mr Van Essen said the privacy breach last year was yet another example of a sloppy culture of privacy protection at ACC. "Regardless if they are under investigation for fraud or not these people still have privacy rights yet ACC couldn't care less."
The fraud details were wrongly sent to him last year and he said it took three phone calls to ACC over several days before a member of ACC's fraud unit finally contacted him. ACC asked him to return the information and Mr Van Essen agreed, on the condition that the corporation tell the six people their privacy had been breached.
Mr Van Essen, who lives in Dunedin, said ACC has repeatedly flouted his privacy. "Just before Christmas ACC paid me $12,000 for a privacy breach that the privacy commissioner upheld in 2007."
He said it had taken him nearly five years to settle that breach and he has also had several other privacy breaches upheld by ACC.
The Dominion Post was also provided with an edited document yesterday containing another nine privacy breaches of ACC clients' details. The details included names, occupations, diagnosis of injuries and duration of compensation to the clients. The details were sent to an ACC client who should not have received them.
http://www.stuff.co.nz/dominion-post/news/politics/6569694/ACC-filing-systems-under-investigation
No comments:
Post a Comment