There's an old saying that it's too late to be sorry. ACC needs to remember that.© 2012 Fairfax New Zealand Ltd
Chief executive Ralph Stewart yesterday apologised for the latest gaffe by his staff and said they would be calling or writing to 6748 clients with an apology after their privacy was breached when a spreadsheet containing the names and details of at least 9000 claims was emailed to a client. This is not the first time this sort of thing has happened.
The corporation handles some of the most personally sensitive information of any government department and has said before that it does everything to ensure its processes are robust and secure.
Clearly they are not.
The most worrying aspect of the latest security breach, however, is that senior ACC managers were told about it in December. A staffer asked for the information back but did nothing more to follow through.
The client also sent alerts to more than 50 ACC managers raising concerns about the security of information held by the sensitive claims unit, which deals with cases including claims of rape and sexual assault. Details on 250 clients of that unit were included in the mailout.
But it wasn't until the client talked to a Fairfax journalist that ACC started taking the situation seriously.
A spokeswoman said they wished they had done more to investigate and Mr Stewart said the breach had been poorly handled. He has bought into the philosophy that there is no point defending the indefensible, but he's too late and the apology is meaningless without an explanation of how the internal processes were breached and why nothing was done sooner.
ACC Minister Judith Collins and Privacy Commissioner Marie Shroff have asked Mr Stewart to provide an explanation, and these details should also be made public.
It is accepted that ACC deals with a huge number of cases each year, with claims involving contacts with multiple parties such as the claimant, the employer, medical organisations and care providers. Cases are handled by staff who are human and can add the wrong address to an outgoing email.
An organisation that operates in this environment will have appropriate checks and balances in place.
So it is a struggle to understand how a spreadsheet on 9000 claims can be attached to an email and find its way through that checking system to the wrong inbox.
http://www.stuff.co.nz/marlborough-express/news/opinion/6571581/Editorial-Apology-meaningless
No comments:
Post a Comment