27 March 2012

ACC must protect data, lawyer says

An article from the Otago Daily Times by By John Gibb
Dunedin lawyer Peter Sara is urging a "culture change" over privacy issues at the ACC after the names of several hundred Otago claimants were included in an email mistakenly sent to Auckland resident Bronwyn Pullar late last year.
Acclaim Otago, a group supporting Otago ACC claimants, has written to Privacy Commissioner Marie Shroff voicing its concern about wider privacy practices at ACC and offering to make some input during the commissioner's inquiry into privacy issues at ACC. ACC needed to tighten up its privacy practices, so that all electronic data involving clients was encrypted and password-protected, Acclaim Otago president Denise Powell said recently.
ACC has apologised for the email privacy breach, which involved the names of 6725 ACC claimants throughout the country, including 137 people with "sensitive" claims, involving rape and sexual abuse. The emailed information involves a spreadsheet listing the names of ACC clients and client reference numbers, relating to claims going through the Disputes Resolution Services Ltd review process, apparently between July 1, 2010 and June 30 last year. The spreadsheet had earlier been sent internally to ACC branch managers throughout the country.
It is understood more than 700 Otago reviews were considered in that 2010-11 period, and it is believed at least 400 Otago people were named in the list. The ODT has made an Official Information Act request to ACC to obtain the exact number of Otago people involved. A much smaller group of "sensitive" Otago claimants were also named.
Mr Sara, who has been dealing with ACC cases for more than 30 years, said ACC needed to take concrete action to prevent such privacy breaches being repeated. In recent years, when ACC client file material was sent to him at his request, some information about other clients had been wrongly included about six times a year. He believed that up to 200 of his own clients' review claims could have been referred to on the Auckland email list.
An ACC spokeswoman noted that ACC had provided an interim report to ACC Minister Judith Collins. The Privacy Commissioner and ACC were working together to develop terms of reference for a substantive review of both the incident and ACC's privacy operating practices, the spokeswoman said.
Dr Powell has recently received her own letter of apology, signed by Denise Cosgrove, ACC general manager, claims management. Ms Cosgrove said ACC took the collection and storage of its clients' information "very seriously", and apologised for Dr Powell's name being accidentally disclosed in the Auckland email.
© 2012 Allied Press Ltd

http://www.odt.co.nz/news/dunedin/202962/acc-must-protect-data-lawyer-says

No comments:

Post a Comment