24 August 2012

Knee-jerk privacy measures put ACC staff under more stress

A press release from the Public Service Association
The Public Service Association says ACC has introduced a range of knee-jerk processes around privacy which are only serving to put staff under more pressure.
An independent report into privacy breaches has blamed systematic weaknesses and says a culture change is needed from the top down.
“Frontline ACC staff have been working in a high pressure environment due to cost-saving driven restructuring. They are the ones dealing with the fallout from poor management and privacy breaches which happened at much higher levels of the organisation,” says PSA National Secretary Richard Wagstaff.
“What they are currently facing is a kneejerk response from ACC which will do nothing to change the top down culture outlined in the report.”
ACC staff are reporting that a range of new checks and procedures have been introduced which they were not consulted about and which are having an almost unmanageable effect on their workloads and ultimately their service to clients.
“In its haste to clamp down on privacy breaches ACC is not giving frontline staff the support they need and is transferring a culture of fear down through the organisation,” Richard Wagstaff says.
The PSA says it is good to see the independent report into the privacy breaches acknowledging the need for strong leadership, clear policy and more support for staff.
“ACC should use it as a turning point to make meaningful change throughout the organisation. Staff want to ensure that everything is done to protect client privacy and rebuild public confidence in ACC. They want to be part of the solutions,” Mr Wagstaff says.
http://www.scoop.co.nz/stories/PO1208/S00383/knee-jerk-privacy-measures-put-acc-staff-under-more-stress.htm

Claimants shouldn’t be forgotten in ACC fallout

A press release from the Labour Party by Andrew Little
ACC must take the concerns of sensitive claims unit claimants seriously, and set up a high level unit to deal with the outstanding complaints around breaches of privacy and misuse of information, Labour’s ACC spokesperson Andrew Little says.
Two independent reports yesterday highlighted the "cavalier" nature of information management and called for a change in culture within the Corporation.
"While the work of the two review teams will be helpful in moving to a healthier culture at ACC, it is still surprising little was said by either review team about the fate of nearly 200 sensitive claims unit claimants who had some of their details released in the mass privacy breach that was the subject of the investigation.
"The Privacy Commissioner's review treated the SCU claimants too lightly when it implied not much identifying information was disclosed, but the report shows there was an identifying code for the issues under appeal, so unauthorized ACC staff would know exactly what those claims were about.
"A couple of months ago Labour called for a high level independent review team to be set up straight away to deal with all existing complaints about misuse of information.
"If ACC and Judith Collins are serious about restoring confidence, then this is an initiative that could go a long way to doing so as well as exorcising some difficult demons that will only hold the Corporation back if they are not dealt with.
"ACC really needs to accept that an entirely new approach is required. All of the difficult files of recent years need to be reviewed with a fresh pair of eyes so everyone can move on with the confidence that they have been treated fairly,” said Andrew Little.
http://www.scoop.co.nz/stories/PA1208/S00370/claimants-shouldnt-be-forgotten-in-acc-fallout.htm

Privacy breach a warning for others

An article from the Nelson Mail by Laura Basham
In a chilling revelation, an inquiry into the case of ACC emailing sensitive details about more than 6000 claimants to the wrong person reveals it could have happened to any big government agency.
A spreadsheet containing details of the 6000-plus claimants - including more than 200 handled by the ACC's sensitive claims unit dealing with rape and sexual abuse victims - was emailed to Auckland woman Bronwyn Pullar after an ACC staffer mistakenly clicked on it and sent it as an attachment without noticing.
An inquiry yesterday found simple human error was to blame for the breach, which has so far claimed the scalps of a government minister, the chairman and chief executive of ACC and could yet claim further victims as the hunt continues for the person who leaked an email from Pullar support person, former National Party president Michelle Boag, to ACC Minister Judith Collins.
Former ACC minister and Nelson MP Nick Smith said today he was pleased that the reports concluded that Ms Pullar did not receive any extra entitlements or benefits as a consequence of her friendship with him or that she was known through the pipfruit industry and to former ACC director John McCliskie. The inquiries were initiated out of allegations that because Ms Pullar had been involved with the National Party, she had received entitlements, he said.
"These reports show that is not true and that both myself and the board were very clear Bronwyn Pullar should not be treated in any way differently from any other claimant," said Dr Smith.
However, he said he still regretted writing the letter attesting to Ms Pullar's health prior to her accident, that ultimately triggered his resignation from his ministerial portfolios in March.
Dr Smith also noted that the system issue that led to the accidental email of a large file of client information could happen to other government agencies, and said there needed to be a broader review of systems to ensure that did not happen.
The release of the reports concludes the investigations on the ACC issues, but Dr Smith would not be drawn on the issue of his potential return to Cabinet, saying it was up to Prime Minister John Key. "We'll just have to see how it goes."
The report released yesterday remains silent on whether ACC was justified in going to police over claims that Ms Pullar tried to use the data breach to guarantee her benefit for two years - despite four members of the independent review team listening to a tape recording of the meeting where the blackmail threat was alleged to have been made. Police later tossed out the complaint because of a lack of evidence but ACC has so far refused to apologise to Ms Pullar over the claim.
The head of the review team, former Australian privacy commissioner Malcolm Crompton, said the blackmail allegation was outside the inquiry's terms of reference.
The inquiry, commissioned by the Privacy Commissioner and ACC, was one of two reports released yesterday into the mass privacy breach. The second was by Auditor General Lyn Provost. Both reports call for a culture change at ACC, which acting chairwoman Paula Rebstock promised yesterday would occur after the privacy breach raised "profound questions about our management of private information".
Privacy Commissioner Marie Shroff said the breach threw the spotlight on the use of personal information by government agencies.
"Public sector agencies collect information from us on a very large scale, often by compulsion, in a situation where we really have no alternative but to provide it. The information is held these days in vast electronic databases. That information is the necessary lifeblood of those agencies and a major business asset for those agencies. But the bargain for us, the citizens, the clients, is we need to be able to trust those agencies to protect our information and not to misuse it or lose it."
Both reports released yesterday raise questions not just about the privacy breach, but also over the treatment received by Ms Pullar, who was a former high-flying business woman and moved in National Party circles. Mrs Provost found Ms Pullar received special treatment after she approached a former business associate, Mr McCliskie, who was on the ACC board, over her case and he set up a meeting with senior managers.
"Although meetings with such senior ACC officials are not without precedent, few claimants have that opportunity," she noted.
© 2012 Fairfax NZ News

http://www.stuff.co.nz/nelson-mail/news/7541881/Privacy-breach-a-warning-for-others

ACC privacy report may lead to wider overhaul

An article from the New Zealand Herald by Adam Bennett
All government agencies' handling of private data may be reviewed after an independent inquiry into the ACC privacy breach found it could have happened in any department.
The report by former Australian Privacy Commissioner Malcolm Crompton and accountancy firm KPMG examined what led to a spreadsheet containing details about 6748 clients being emailed to claimant and former National Party insider Bronwyn Pullar last year, and ACC's response when it learned of the breach in December.
It concluded that the breach, which was disclosed to the public, senior management and ACC Minister Judith Collins only when Ms Pullar went to the media with the information in March, was down to "a genuine human error".
However, "such an error was more likely to occur because of systemic weaknesses within ACC's culture, systems and processes".
The report also found ACC's subsequent response process could have been better "if appropriate policies, practices, escalation protocols and the right culture were in place".
It made a series of recommendations to improve privacy handling at the corporation.
Acting ACC chairwoman Paula Rebstock said the corporation would be implementing the review's recommendations in full.
Speaking to reporters, Mr Crompton said Ms Pullar had done the public "a service by making sure that we pay attention to the proper governance of personal information".
"Most organisations should be taking great note of the fact that it could have been them."
State Services Commissioner Ian Rennie said the report was "a dramatic reminder of the need for all government agencies to treat private information with the utmost care and respect".
"To this end, I am considering that state sector chief executives review their systems for handling private information. Any stocktake would initially be targeted on areas of greatest potential risk."
But Labour's ACC spokesman, Andrew Little, said he did not believe Mr Crompton's claim it was bad luck that the breach occurred at ACC rather than another department.
"There is nowhere else in the Government where there has been the apparent sloppiness in the approach to managing that information as at ACC."
Mr Little said the National Government on coming to power had painted a picture of an organisation in financial crisis that therefore needed to focus on cutting costs.
"That is at least one explanation for the more cavalier attitude towards claimants, their issues and their privacy. I don't think the Government can disown responsibility for it having got to this point."
Privacy Commissioner Marie Shroff, who commissioned yesterday's report, said it appeared ACC staff had been under pressure and "a failure in systems processes and perhaps leadership has led to them developing a somewhat cavalier attitude towards people's information and that needs to change".
Mr Little called for Ms Collins to be replaced as ACC Minister to allow the culture change required. Ms Collins dismissed that call, and Mr Little, as "silly".
A report by Auditor-General Lyn Provost into whether Ms Pullar gained any advantage in the way her claim was treated because of her connections with former board member John McCliskie, which was also released yesterday, found no evidence that was the case.
But the report did raise concerns Mr McCliskie and then-chairman John Judge failed to recognise wider allegations of illegality and fraud at the corporation brought to their attention by Ms Pullar late last year.
© 2012 APN Holdings NZ Ltd

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10829060

ACC victims still bruised by privacy breaches

A report from Radio New Zealand National
In the wake of a critical report into ACC's culture and privacy failings, victims of its substandard processes feel let down by the corporation they thought was there to help them.


Copyright 2012 Radio New Zealand

http://www.radionz.co.nz/national/programmes/morningreport/audio/2529096/acc-victims-still-bruised-by-privacy-breaches

Privacy lawyers astounded by report on ACC privacy breach

A report from Radio New Zealand National
Privacy lawyers are astounded by the report on the Accident Compensation Corporation, saying the internal problems identified should not exist in any well run organisation.


Copyright 2012 Radio New Zealand

http://www.radionz.co.nz/national/programmes/morningreport/audio/2529088/privacy-lawyers-astounded-by-report-on-acc-privacy-breach

Culture of fear at ACC

An article from the Dominion Post by Phil Kitchin
Further action could yet be taken against senior ACC managers who failed to act on whistleblower Bronwyn Pullar's first warnings of a massive privacy breach.
As a damning independent report into the breach was published yesterday, ACC Minister Judith Collins has revealed that senior management were operating in a culture of fear at the time.
The report vindicates Ms Pullar, who revealed the breach after making repeated complaints to ACC management, board and staff members about privacy and other alleged breaches of the corporation's codes and laws.
Ms Pullar, an ACC client, was inadvertently sent private details of 6500 fellow clients. The information contained names and details of hundreds of people from ACC's sensitive claims unit, including rape and incest victims.
Since The Dominion Post revealed the privacy breach in March, the fallout from the scandal has included the resignations of Cabinet minister Nick Smith and chief executive Ralph Stewart, and the departure from ACC's board of chairman John Judge and directors John McCliskie and Rob Campbell.
Ms Collins said yesterday she had been told by Mr Stewart that, when he arrived in August last year, "even senior management worked in a culture of fear ... people felt they could not tell others about what had happened".
Asked whether she believed ACC should take action against senior managers involved in the case, she said it was difficult to comment on individual staff.
Interim ACC chairwoman Paula Rebstock said yesterday that she could not talk about individual managers either, but ACC would look at performance issues and take appropriate action. The corporation accepted it had a poor culture on privacy and would accept a string of recommendations to change that culture, she said.
Ms Collins said she expressed concerns about ACC's culture to Mr Judge on more than one occasion, and said she wanted clients treated with respect, courtesy and professionalism. The board did not seem to understand "just how important privacy was", and in June she dumped Mr Judge, Mr McCliskie and Mr Campbell by not renewing their directorships. She said it was a serious error of leadership by the board not to tell Mr Stewart of a list of serious allegations made by Ms Pullar at a meeting with ACC senior managers Philip Murch and Hans Verberne in December.
An ACC report of that meeting, given to Ms Collins three days after The Dominion Post exposed the privacy breach, said Ms Pullar threatened to go to the media and would withhold details of the breach unless she was given a guaranteed benefit. But a tape recording Ms Pullar made at the meeting showed the allegations were false, as was the statement by ACC that no specific details on the breach were given to the managers.
The report to Ms Collins also said that, given the serious nature of the breach, the details should have been escalated to more senior ACC management but were not.
Inquiries by police and the auditor-general later showed that statement was also wrong, and that the two managers at the meeting informed two superior managers and the board secretary about it.
Ms Rebstock said yesterday that, if any allegations in the report to Ms Collins were incorrect, "we will correct it". The original report was still on ACC's website yesterday.
Ms Pullar said she was pleased the report had vindicated concerns she had been trying to raise for years, and she was heartened that Ms Collins said all its recommendations were accepted. She said changes would provide better and fairer outcomes for everyone dealing with ACC.
© 2012 Fairfax New Zealand Ltd

http://www.stuff.co.nz/national/politics/7538313/Culture-of-fear-at-ACC

23 August 2012

Coalition welcomes opportunity provided by reports

A press release from the ACC Futures Coalition
The two reports on ACC commissioned by the Privacy Commissioner and the Office of the Auditor-General may highlight failures but they also provide an opportunity to rethink the direction of the scheme, according to the ACC Futures Coalition.
“We welcome these reports,” said ACC Futures Coalition spokesperson Hazel Armstrong. “They confirm that there were problems at the governance and senior levels of the corporation with regard to the management of risk and claimants’ information.”
The report of the Privacy Commissioner (conducted by KPMG) found that the release of claimants’ details to Bronwyn Pullar, which occurred in August 2011, was a genuine error but occurred because of systemic weaknesses within ACC's culture, systems and processes.
“There is much to like about the KPMG report,” said Ms. Armstrong, “for example, we are pleased to see the emphasis that the report places on organisational culture. The report emphasises the need for a balance between ‘privacy, customer service and efficient and effective management so that “firm is also seen as fair” by ACC and its external clients and stakeholders.’ The report also stresses the importance of a culture of respect for claimant privacy which will lead to the wellbeing of clients and to achieving community trust in ACC.”
“We see these points as recognition of the link between the problems with the culture around the protection of information and the wider culture of the corporation,” said Ms. Armstrong.
“When discussing the culture of corporation the report raises the challenge arising from conflicting political views on the role of ACC and the resulting fluctuations in scheme performance, stating that this has resulted in ambiguity for staff in terms of customer service and managing claimant entitlements. There is a need for multi-party agreement on the future of the scheme,” said Ms. Armstrong, “something which the ACC Futures Coalition has been calling for since its inception.”
“These reports represent an opportunity to achieve a consensus on the future direction of the scheme,” said Ms. Armstrong. “We have begun the process of developing our own manifesto for ACC and are organising a one-day seminar in late October to assist us with that process. We want to contribute to a debate about how we can restore the scheme to its original founding values and we hope that all the parties and the Minister, will join us.”
“Both of the reports also identify failings at governance level around management of risk,” said Ms. Armstrong.
http://www.scoop.co.nz/stories/PO1208/S00364/coalition-welcomes-opportunity-provided-by-reports.htm

Question to Minister

4. DAVID BENNETT (National—Hamilton East) to the Minister for ACC: What are the findings of reports released today by the Privacy Commissioner and the Auditor-General about a privacy breach and governance at ACC?



Hon JUDITH COLLINS (Minister for ACC): The independent report released by the Privacy Commissioner focused on ACC’s culture, policies, and practices around privacy and security of information. It found that these were not up to 21st century standards. The Auditor-General focused on governance of the corporation, and found that senior board members involved and management failed to recognise the systems of systemic failure around privacy and security information, and did not take the appropriate steps. I agree with all the findings.
David Bennett: What specific concerns did the independent report and the Auditor-General raise, and what is ACC doing to address these?
Hon JUDITH COLLINS: The independent report released by the Privacy Commissioner noted systemic weaknesses, including a variable culture around the importance of handling private information carefully and a lack of accountability for addressing privacy issues. ACC will undertake a significant programme of work to address concerns raised by both the independent report and the Auditor-General. A timetable for this programme of work is included in the report from the Privacy Commissioner, and I expect ACC to make the required changes as a priority.
Andrew Little: In view of the findings in today’s reports, both released at 2 p.m., that ACC board members, which her Government appointed, were too inexperienced to appreciate the gravity of Bronwyn Pullar’s complaints, and that the corporation took a cavalier attitude to protecting claimant privacy, what steps is she taking to fill the multiple board and senior management vacancies with people who understand ACC and the importance of utmost public confidence in it?
Hon JUDITH COLLINS: The question is not quite correct in one of the assumptions. I will deal with that first and then deal with the substance of the question. In fact, the board members who were named in the reports as having not appreciated the seriousness of the situation were its longest-serving board members—the chair and deputy chair. In relation to the filling of the board positions, I can tell the member that there is a very thorough process that is ongoing. Interviews are being undertaken and I am putting a great deal of thought into making sure we get the right combination of board members with the right skills, the right character, and the right experience.
David Bennett: What expectations has she set for ACC to improve public trust and confidence in how it operates?
Hon JUDITH COLLINS: Earlier this year I signed a letter of expectations and a service and purchase agreement with ACC outlining my priorities for the board. I expect the ACC board to improve public trust and confidence, improve the management and security of private information, maintain a focus on levy stability and financial sustainability, ensure early resolution of disputes, and provide high-quality service for clients. The Auditor-General noted that “this approach will lead to a more balanced and comprehensive approach to the governance and operation of ACC.”
Hon Trevor Mallard: In light of the Privacy Commissioner’s comment that the ACC culture change has to start at the top, what action has she taken to plug the leaks from her office?
Hon JUDITH COLLINS: There are no leaks from my office, as that member well knows.

http://www.scoop.co.nz/stories/PA1208/S00350/questions-and-answers-august-23.htm

ACC fiasco starts and stops with the Minister

A press release from the New Zealand Labour Party by Andrew Little
The Privacy Commissioner’s report into the ACC leaks is a litany of leadership gone wrong, Labour’s ACC spokesperson Andrew Little says.
“In slamming the culture at ACC, the Commissioner says it is ‘vital’ for a change starting at the top.
“So let’s start with Judith Collins. This whole fiasco is a direct consequence of the Government clearing out experienced board members, putting in their own, overseeing strategies aimed at cost cutting rather than treatment and rehabilitation – which a more experienced board member might have expressed caution about – and then not recognising they were facing allegations of serious problems with the Corporation’s conduct.
“It is not good enough to name and blame others. The Cabinet that Ms Collins is part of has driven the agenda on this and she must take responsibility for the fallout.
“It’s not enough for ACC to be a clip-on to a senior Minister’s other roles.
“If the Government is serious about change from the top then it should start by having a dedicated minister in the role who can work closely with the board and senior management to bring about the necessary changes.
“We will only know the government has taken the reports of both the Privacy Commissioner and the Auditor-General seriously when it appoints a minister who can win public confidence.
“It is essential, too, that the recommendations are put into effect as soon as possible, so that ACC can once again stand by its reputation as a world-class insurance agency,” said Andrew Little.
http://www.scoop.co.nz/stories/PA1208/S00340/acc-fiasco-starts-and-stops-with-the-minister.htm

Privacy Commissioner urges ACC culture change

A press release from the Office of the Privacy Commissioner
The Privacy Commissioner says a culture change starting at the top of ACC is vital if further data security breaches are to be prevented.
Marie Shroff is commenting on the findings and recommendations of the Independent Review of ACC Privacy and Security of Information that were released today.
The report was commissioned jointly by the Office of the Privacy Commissioner (OPC) and the ACC Board following the unauthorized disclosure of details of 6,748 clients.
"The review has found the breach was a genuine error and I accept that. But it also shows the error happened because of systemic weaknesses within ACC's culture, systems and processes," says Ms Shroff.
"The reviewers noted a good level of privacy awareness especially at branch level. But the review also highlights a culture that, according to stakeholder feedback to the reviewers, has at times "an almost cavalier" attitude towards its clients and to the protection of their private information.
"The review shows that information stewardship is low level and defensive and focuses on breaches and complaints rather than taking strong leadership that emphasises respect for clients and their information.
"That is not good enough particularly in this digital age. Personal information is the lifeblood of ACC and it is vital that ACC treats that information with respect - the trust of its clients and, in many respects, the success of its operations depends on it."
Ms Shroff says the report shows that ACC lacks a comprehensive strategy for protecting and managing its client information.
"This sort of data is a major business asset with associated risks that have to be managed.
"While ACC has elements of privacy protection and security, these are not up to the standard expected of a responsible public sector agency that holds highly sensitive information on a large number of people.
"Changing that is essential. And the changes, which must include a culture change, have to start right at the top."
The review recommends that an independent audit of how ACC has implemented the changes is undertaken every two years and provided to the Privacy Commissioner.
Marie Shroff welcomes the recommendation.
"It's evident from the report that a lot needs to change before public confidence in ACC can be restored. I believe it can be done, but only if ACC takes the review's findings and recommendations seriously and gives its many good and committed staff the support they need to implement the necessary changes.
"The review provides a strong set of proposals. I will closely monitor ACC's progress as it implements these changes."
Ms Shroff says the data security breach at ACC has provided a timely warning to both public and private sector organisations.
"Agencies that hold large amounts of personal information should be taking note of what has happened at ACC and learn from its mistakes. Many organisations will recognise it could just as easily be them in the headlines."
http://www.scoop.co.nz/stories/PO1208/S00359/privacy-commissioner-urges-acc-culture-change.htm

Inquiry into aspects of ACC's board-level governance

A press release from the Controller and Auditor-General
In April 2012, I decided to inquire into aspects of the interaction between the Accident Compensation Corporation (ACC) and one of its claimants, Bronwyn Pullar. I wanted to know whether the ACC Board had policies and procedures for managing interaction between Board members and individual claimants who might be known to them. I wanted to be sure that a claimant could not gain any advantage by approaching a Board member.
My inquiry found no evidence that Ms Pullar's approach to one of ACC's Board members affected her claim to ACC. However, the Board had no formal policy to guide Board members on communication with individual claimants, a deficiency it is rectifying. The handling of the matter depended on the long experience in governance of ACC's Chairman and Deputy Chairman, who were the two Board members concerned.
Of greater concern was ACC's failure to recognise Ms Pullar's wider allegations of illegality and fraud as risks to the organisation. I have no view as to whether there is any justification to the allegations, because that was not the subject of my inquiry. However, a public entity should always take allegations that threaten public trust in the organisation seriously. ACC is one of New Zealand's largest public entities and an important part of public services for New Zealanders.
My inquiry team concluded that ACC management and the Board members concerned failed to appreciate the risk that those allegations presented. It seems that the Board and ACC management were so focused on the appropriate separation of governance and operational matters that they did not recognise these issues as possible symptoms of systemic failure.
The events that gave rise to my inquiry occurred when the Board was relatively new and there was extensive change in senior management. Change in ACC will continue, because it will have a new Chairperson, several new Board members, and a new chief executive in the next few months. I consider that a new Board member, even if that person is an experienced director, will take two to three years to understand key actuarial and financial aspects of ACC, as well as its culture.
I asked my Deputy, Phillippa Smith, to carry out my inquiry. Because my inquiry concerned issues of practical governance, we engaged James Ogden, an experienced company director, to advise her on those matters. I am grateful to Mr Ogden for his assistance. I also thank the ACC personnel we interviewed and Ms Pullar, for their assistance with my inquiry.

accboardlevelgovernance.pdf
http://www.scoop.co.nz/stories/PO1208/S00357/inquiry-into-aspects-of-accs-board-level-governance.htm

Damning reports show Government’s role in ACC dysfunction

A press release from the Green Party by Kevin Hague
Reports into ACC provide the most compelling evidence yet that the Government’s focus on saving a buck has caused ACC to lose sight of its role in helping injured and vulnerable New Zealanders, the Green Party said today.
Following requests from the Green Party, reviews into the Bronwyn Pullar Privacy breach and ACC board governance were conducted by the Privacy Commissioner and the Auditor General. Reports on both were released today.
“They reveal a corporation in desperate need of a culture change which the Privacy Commissioner stated must ‘start at the very top’,” Green Party ACC spokesperson Kevin Hague said.
“The reports cite the previous ACC minister’s focus on denying claimants every dollar he could as driving the culture at the corporation.
“And they show that ACC was prepared to sustain human casualties in its drive to achieve the Government’s goal.
“The current minister must now lead the top level change that’s been called for.
“The reports reveal a corporation bumbling along with archaic ideas about communication and responsibility which meant it failed both to treat claimants with decency, and to recognise enormous risks to the organisation even when they hit it in the face,” Mr Hague said.
The Auditor General expresses concern that serous ‘accusations of systemic illegality and fraud were not taken seriously by the corporation’.
And the Privacy Commissioner highlighted ‘an almost cavalier attitude towards its clients and to the protection of their private information’.
“These are two of the most damning reports on a Government entity I’ve ever read.
“It is clear that if board chairman John Judge had not already resigned, he would have been sacked today,” Mr Hague said.
The reports highlight three key issues:
  1. As a result of Nick Smith's direction to prioritise ACC's bottom line, the organisation had inadequate focus on the needs of its clients;
  2. The culture policies and systems of the organisation are a chaotic shambles that are not fit for purpose;
  3. Restoring public trust and confidence is an essential goal and will require very major change starting from the top.
“Given the seriousness of the findings, the Minster must now request that the Auditor General bring forward her review into claims management at ACC. Most of the serious claims Ms Pullar made appear not to have been considered by the board.
“What’s now needed is for visionary leadership to turn this organisation around and focus on the original principals on which it was founded.
“The Minister must ensure that future appointments to the board are up to this task,” Mr Hague said.
http://www.scoop.co.nz/stories/PA1208/S00337/damning-reports-show-governments-role-in-acc-dysfunction.htm

Dual investigations shows culture problems at the ACC

A press release from the New Zealand Association of Psychotherapists by Kyle MacDonald
Today’s dual reports from the Privacy Commisioner and the Office of the Auditor General into the privacy breaches at the ACC show deep concerns about the manner in which privacy is handled, and shows systemic weaknesses within ACC’s culture, systems and processes.
“This report will do little to reassure all those who were effected by the privacy breach and it is very clear that the ACC’s approach to privacy is still of deep concern and clear deficiencies remain,” says Kyle MacDonald of the New Zealand Association of Psychotherapists. “Along with the Auditor General’s report released today, I believe this underlines the fact that there have been, and remain, ongoing problems with the organizations culture.”
“It seems to me that despite ongoing statements by the ACC to the contrary, the blame for this massive breach of privacy and the subsequent frustrations of Ms. Pullar in trying to have her concerns heard, land squarely at the feet of the ACC and senior management. The ACC’s efforts to attack and dis-credit Ms Pullar should now also be called into question.”
The independent report commissioned by the Privacy Commissioner describes an “almost cavalier” approach to the management of private claimant information, and that “the importance of personal information and respecting individual’s personal information is not consistent and is often de-emphasised over dealing with the management of the claim/claimant."
Both reports emphasise the failures of Governance and the systemic and cultural issues that lead to the privacy breach and the way that subsequent events were handled.
http://psychotherapy.org.nz/dual-investigations-shows-culture-problems-at-the-acc/

Reports on ACC privacy, governance welcomed

A press release from the New Zealand Government by Judith Collins
ACC Minister Judith Collins today welcomed the Independent Review of ACC’s Privacy and Security of Information, and the Auditor-General’s Inquiry into aspects of ACC’s Board-level governance.
Ms Collins says ACC must deliver the high level of protection people rightly expect for their personal information and the independent report’s recommendations give clear directions for improvements.



“New Zealanders expect to be able to trust in ACC and be confident their sensitive information will be managed securely, and with care and respect.
“ACC staff have done their best, but they need leadership, tools and processes in place to support them in the important work they do. I am encouraged by the Board’s stated commitment to implementing the report’s recommendations in full.
“I have already put in place a new Service and Purchase Agreement to rebalance ACC’s priorities and set new targets to ensure ACC meets the highest standards of best practice and service for its clients.
“There is a great opportunity now for ACC to restore the public’s trust and confidence. Genuine culture change will take time, but with the right systems and processes, focussed leadership, and commitment to change, ACC can make positive progress.
“I am particularly pleased the authors of the independent review have provided a timeline for improvements in the privacy and security of information. I expect these to be met as a priority,” Ms Collins says.
Also released today, the Auditor-General’s Inquiry into aspects of ACC’s Board-level governance found senior Board members should have managed a client conflict of interest better and failed to recognise and appreciate the risks to ACC of the symptoms of systemic failure.
“The Auditor-General’s report makes it clear that neither the wider Board, nor the Chief Executive were aware of the issues,” Ms Collins says.
In addition, the Board did not have the right protocols to manage risks arising from conflicts of interest with claimants.
“The Auditor-General found the Service and Purchase Agreement the Government has put in place will lead to a more balanced and comprehensive approach to the governance and operation of ACC.
“Building on the strengths of the current four members, I am putting together a reconfigured Board that will have the right experience and the right commitment to leadership to take ACC forward,” Ms Collins says.
http://www.scoop.co.nz/stories/PA1208/S00335/reports-on-acc-privacy-governance-welcomed.htm

ACC chair on independent review of ACC privacy

A press release from ACC by Paula Rebstock
ACC and the Board want to thank the authors for the work they have done and the considered way they have presented the findings.
We will be implementing the recommendations made in full.
On behalf of the Board and ACC, I undertake that we will respond to the challenge before us.
ACC has a clear sense of purpose which is to help individuals, communities and businesses return to independence after accidents. The events over the last six months have raised profound questions about our management of information.
ACC must show customers and stakeholders that change is occurring, that we are responding quickly and that we can demonstrate that people’s personal information is being treated with the care and respect it deserves.
We need processes that help minimise errors with safeguards to provide checks and back-ups. If something does go wrong, we must have systems to respond quickly and appropriately, and just as importantly, we need to find out what went wrong so we can try to prevent it happening again.
The responsibility for this sits with the Board and Management of ACC to provide our people with the environment, tools and processes they need to manage information appropriately.
The review outlines seven broad areas for improving systems and processes with a series of detailed recommendations under each. Just as important, we need strong leadership, the right culture and unquestionable commitment to privacy – and that starts with the Board.
I would also like to acknowledge the work of the Auditor General and the Inquiry Report that was released today into aspects of ACC’s Board-level governance following the breach.
The OAG report recognises the critical importance of having clear and detailed protocols for dealing with communication between Board members and clients.
We accept the conclusions and will incorporate all the OAG recommendations to ensure our practices, training and Governance Manual underpin and support sound governance practice. This includes how the Board and management address any allegations of improper conduct.
The Board is clear about its responsibility and has undertaken to implement the measures in the Auditor General’s report.
Both the Independent Review of ACC and the Auditor General’s report will form part of a programme of work against which ACC can be measured.
We have put in place a structure to lead this work, and we will engage external specialist advice to help plan and prioritise the work ahead of us.
ACC will work closely with the Privacy Commissioner to measure and monitor progress on implementing the recommendations which include regular public reporting of results.
http://www.scoop.co.nz/stories/PO1208/S00352/acc-chair-on-independent-review-of-acc-privacy.htm

Independent review of ACC privacy and information security

A press release from KPMG by the Independent Review Team
A review of the Privacy and Security of Information at the Accident Compensation Corporation was released by the Office of the Privacy Commissioner and ACC’s Board today following a comprehensive review by an Independent Review Team comprising KPMG and Information Integrity Solutions Pty Limited.
The review examined the circumstances relating to a major data breach involving the inadvertent release of personal details of 6,748 ACC clients, and the appropriateness and effectiveness of ACC’s privacy and security policies and practices.
“Information is arguably the most critical asset in any organisation today. The challenge of protecting personal information has never been greater.” says Malcolm Crompton, former Australian Privacy Commissioner and Managing Director of Information Integrity Solutions Pty Limited. “While ACC has suffered a significant data breach, other organisations, both public and private, could face the same.”
The Independent Review Team concluded that the breach that occurred was a genuine human error, but that such an error was more likely to occur because of systemic weaknesses within ACC’s culture, systems and processes. ACC’s subsequent response process could also have been better if appropriate policies, practices, escalation protocols and the right culture were in place to allow for transparency of breach handling at the appropriate levels, in an appropriate manner.
The Recommendations of the Review Team are comprehensive:
  • ACC needs to put in place clear policies that create a positive privacy mindset as part of rebuilding customer trust and establishing a ‘firm but also seen as fair’ image in the minds of the public.
  • Strengthen Board governance of personal information management.
  • Strengthen privacy leadership and strategy.
  • Enhance its privacy programme.
  • Strengthen the organisational culture.
  • Strengthen privacy accountability.
  • Review and update business processes and systems.
  • Provide additional resources to clear backlogs on privacy related processes.
KPMG Partner Souella Cumming commented that “An organisation’s data needs to be protected by thorough and effective risk mitigation strategies to the same or higher levels as other vital assets. Without these strategies in place, the organisation is at risk of significant reputational damage.”
Malcolm Crompton and Souella Cumming noted “We emphasise the significance of a culture and environment where personal information is valued. This must be supported by an approach to compliance with the privacy principles that is embedded within governance, leadership, business processes and systems.”
This forms the basis of the recommendations in the report of the Independent Review Team.

Independent_Review_of_ACCs_Privacy_and_Security_of_Information__August_2012.pdf

http://www.scoop.co.nz/stories/PO1208/S00351/independent-review-of-acc-privacy-and-information-security.htm

Damning report expected on ACC

An article from the Dominion Post by Phil Kitchin
An independent investigation into ACC, prompted by revelations of a mass privacy breach, is expected to condemn the corporation's culture and processes.
A report due out today is expected to bolster widespread criticism of ACC's repeated breaches of thousands of its clients' privacy since the mass breach was exposed by The Dominion Post. It is also expected to criticise ACC's leadership, privacy systems and the corporation's technology for dealing with highly sensitive information.
Fallout from the March privacy breach has included the resignations of Cabinet minister Nick Smith and ACC chief executive Ralph Stewart, and the departure from the corporation's board of chairman John Judge and directors John McCliskie and Rob Campbell.
The report is being made public on the same day that another by the Auditor-General's Office, on how ACC manages risk at board level, is tabled in Parliament.
Both investigations arose after an ACC client - later identified as Bronwyn Pullar - revealed she had been sent private details of 6500 fellow clients. The information contained names and details of hundreds of people from ACC's sensitive claims unit, including rape and incest victims.
In the ensuing fallout, The Dominion Post revealed that ACC grossly misrepresented what happened at a crucial December meeting between Ms Pullar, her supporter Michelle Boag, and two senior ACC managers.
In a report to ACC Minister Judith Collins, the corporation said Ms Pullar threatened at the meeting to go to the media and to withhold details of the mass breach unless she was given a two-year guaranteed benefit. The corporation laid a blackmail complaint with police.
But a tape recording of the meeting, made by Ms Pullar and provided to ACC, made a mockery of the blackmail allegations. It showed no such threats or demands were made, and that Ms Pullar was already on weekly ACC compensation. After police were provided with a copy of the recording, they dismissed the complaint, saying no offence had been disclosed.
Today's reports are not expected to end the scandal, as Ms Collins has taken defamation action against Labour MPs Trevor Mallard and Andrew Little for suggesting her office was involved in leaking an email identifying Ms Pullar as the whistleblower.
The privacy report has been compiled by former Australian federal privacy commissioner Malcolm Crompton and accountancy firm KPMG. Ms Collins has seen the draft and has said she agrees with it. Ms Pullar and Ms Boag would not comment because they said they did not yet know what was in the final report.
© 2012 Fairfax New Zealand Ltd

http://www.stuff.co.nz/national/politics/7530250/Damning-report-expected-on-ACC

20 August 2012

Mixed results in sensitive claims survey

An article from NZ Doctor by Katie Marriner
A survey of ACC sensitive claims providers generated mixed responses on how recommendations from a report to improve the service have been implemented.
Respondents were surveyed in 2010 on the 14 recommendations proposed in an independent review of the sensitive claims pathway conducted by former mental health commissioner Barbara Disley (New Zealand Doctor, 22 September 2010).
When asked how "client-centred" ACC's sensitive claims communications were at the time of the survey compared to 18 months before, 83 per cent of respondents thought they were either much better, better or somewhat better.
Most people (41 per cent) thought the 16 hours of support sessions for certain claimants "definitely" improved access for claimants in the early stage of their claim.
But more than half (55 per cent) of respondents thought ACC was not applying the definition of "mental injury" using a range of assessment tools which was the purpose of recommendation three.
Most respondents (34 per cent) said on-going professional development is the most important thing ACC could do to improve the quality of the service.
Of the 188 people that responded to the survey, most (36 per cent) were counsellors. Psychiatrists, psychologists and psychotherapists were among the other respondents.
All of the survey results are available here.
http://www.nzdoctor.co.nz/news/2012/august-2012/20/mixed-results-in-sensitive-claims-survey.aspx

17 August 2012

ACC sensitive claims provider survey results

An article from ACC
The results of the ACC Sensitive Claims Provider Survey on progress towards implementing the recommendations of the 2010 independent review of the sensitive claims clinical pathway are now available:
ACC Sensitive Claims Provider Survey Results (PDF 214K)
Thank you to all those providers who took the time to complete the survey.
http://www.acc.co.nz/news/WPC113455

16 August 2012

Question to the Prime Minister

5. Dr Russel Norman (Co-Leader—Green) to the Prime Minister: Does he agree with the statement made by the Hon Bill English, in relation to the release of Natasha Fuller’s private details by his Social Development Minister, that, “People who enter into public debate are welcome to do so … and should provide their full information to the public”?



Hon Gerry Brownlee (Leader of the House) on behalf of the Prime Minister: Yes.
Dr Russel Norman: Does the Prime Minister agree with the director of the Office of Human Rights Proceedings that Paula Bennett breached the Privacy Act when she released Natasha Fuller’s private details without her permission?
Hon Gerry Brownlee: In fact, there has not been a finding that the Minister Paula Bennett breached the complainant’s privacy.
Dr Russel Norman: Does that mean that he supports Paula Bennett’s decision to reserve the right to release other people’s private details without their consent in the future “depending on the circumstances”, and is this now Government policy?
Hon Gerry Brownlee: No.
Dr Russel Norman: Will the Prime Minister direct other Ministers to follow the Privacy Act and not release private information without the consent of the people concerned?
Hon Gerry Brownlee: Ministers do, every day, follow the provisions of the Privacy Act and many others as well.
Dr Russel Norman: When Taleni Lafo entered the public debate about the state of Housing New Zealand Corporation homes, claiming hers was making her children sick, under what circumstances would he consider it appropriate for Ministers responsible for the Inland Revenue Department, social development, or housing to access her personal details about herself and her family and make them public?
Hon Gerry Brownlee: The first expectation would be that the Minister investigated the circumstances and remedied the problem.
Dr Russel Norman: I raise a point of order, Mr Speaker. My question asked about the circumstances under which it would be appropriate to release the information. The Minister talked about what they should do in the first instance. He did not address the question at all.
Mr Speaker: I think the member has got a reasonable point there. I invite him to repeat his question.
Dr Russel Norman: Thank you, Mr Speaker. When Taleni Lafo entered the public debate about the state of Housing New Zealand Corporation homes, under what circumstances would the Prime Minister consider it appropriate for Ministers to access her personal details and those of her family, and make these details public?
Hon Gerry Brownlee: That is a hypothetical question, and I am not answering a hypothetical question.
Dr Russel Norman: When sexual abuse survivors criticise Government plans to cut back ACC for sensitive claims, under what circumstances would the Prime Minister support the Minister for ACC accessing the survivors’ personal files, and releasing their private, personal details to the media?
Hon Gerry Brownlee: This is once again a highly hypothetical question. The member can go on all afternoon trying to put forward these alarming situations in a hypothetical sense. They cannot and will not be answered.
Dr Russel Norman: Are there any circumstances in which it is acceptable for a Minister of the Crown to go to the Government files and access the personal, private details of a member of the public, and release those details without consent in order to make political gain?
Hon Gerry Brownlee: I have to say, once again, he is asking for the answer to a question that poses hypothetical situations. What I can say is that when it comes to people like Stewart Murray Wilson, the public expect those details to be in the domain. Therefore, it is a very difficult question to answer specifically.
Dr Russel Norman: I raise a point of order, Mr Speaker. I asked for, basically, a policy guideline. What is the Prime Minister’s policy for guiding Ministers on releasing this information?
Mr Speaker: The member actually asked, if I recollect correctly, whether there are any circumstances under which such information might be accessed and released. In answering it, it appeared the Minister indicated that perhaps there might be some, depending on the circumstances. That seemed to be the answer the Minister gave, because he seemed to cite a situation where that might be a desirable thing to do. It is totally the Minister’s right to answer how he sees fit, but it was certainly an answer. He indicated that there may be some circumstances.
Dr Russel Norman: Does the Prime Minister accept that having a Government that releases the private information of people who oppose Government policy—information that is available only to the State—is an approach that silences dissent, chills dissent in a democratic society, and is not acceptable in a democratic and free country?
Hon Gerry Brownlee: Well, quite clearly by the long list of examples the member has given this afternoon, that is not the case.

http://www.scoop.co.nz/stories/PA1208/S00247/questions-and-answers-august-16.htm

14 August 2012

Wellington Rape Crisis forced to cut services

A press release from the Green Party
Government must step in to protect Wellington Rape Crisis as it is forced to cut services to four days a week, the Green Party said today.
"Despite its client contacts doubling in the last year, Wellington Rape Crisis today announced they will be closing their doors one day a week,” said Green Party women's affairs spokesperson Jan Logie.
“Sexual abuse support and counselling are essential services because sexual violence is such a big problem in New Zealand. Counselling and support services are vital to healing and recovery from sexual abuse,” said Ms Logie.
Services that support survivors from disclosure to recovery reduce mental health impacts, improve well-being and assist people to reclaim their roles in their families and communities.
“The 2009 Taskforce for Action Report on Sexual Violence recommended immediate funding increases for services such as Wellington Rape Crisis. The funding increases never happened and we are now seeing agencies having to close their doors.
"The National Government’s ACC ‘funding crisis’ means that money spent on delivering counselling treatment to those who need it the most has halved and currently 80 percent of sensitive claims are on hold.
“And on top of that, funding from the Ministry of Social Development is being ‘prioritised’ to exclude adult survivors despite this being the largest group seeking support.
“Sexual abuse services are not just needed in good economic times. This Government seems to think they’re optional, maybe because the stigma means a mass protest is unlikely,” Ms Logie said.
Individuals and organisations can find out more about supporting Wellington Rape Crisis at www.wellingtonrapecrisis.org.nz.
http://www.scoop.co.nz/stories/PA1208/S00176/wellington-rape-crisis-forced-to-cut-services.htm

13 August 2012

Minister furious over ACC's privacy stance

An article from Stuff by John Hartevelt
ACC Minister Judith Collins wants the state insurer to start sacking staff who breach a new "zero tolerance" policy on privacy breaches.
A furious Ms Collins has revealed her astonishment at the failure of ACC to include privacy among nine of its "top priorities".
"I'm not going to sit back and let one of the most important government entities [that] we have let people down time and time again around things such as privacy.
"They have to act in the way that I expect them to act. When I go around the branches, most of the people there absolutely understand it.
"But, actually, a few are letting them down and when we have things like the audit and risk committee having nine priorities for the year and not one of them [being] privacy, how can that be acceptable given everything else that's going on?"
Ms Collins' comments come as figures from ACC show 11 staff members have been reprimanded over "serious misconduct" since 2010. The breaches involved: theft; fraud against ACC or a claimant; serious misuse of ACC property, including information and systems; dishonesty; disobeying a lawful and reasonable instruction from a manager; and any act that had the potential to bring ACC into disrepute. Nine staff were sacked as a result of the breaches and two were given final written warnings.
Ms Collins said while the serious misconduct cases were "a shame", she was pleased they were taken seriously and not covered up. "I think that they need to be - and they are now - taking on a culture of zero tolerance to privacy breaches, in particular," she said.
Police had a "zero tolerance" approach to staff accessing private details about people without good reason.
"People lose their jobs over it, and that's something that I think ACC needs to have, which is that we have people's very personal information, we should treat it with respect and should understand it's a very privileged position."
ACC has been under siege over repeated privacy breaches since March, when it was revealed the private details of 6500 clients were accidentally sent to claimant Bronwyn Pullar. The revelation sparked a string of controversies, culminating in three inquiries and the resignations of Cabinet minister Nick Smith, board chairman John Judge, chief executive Ralph Stewart and three other board members. Separate inquiries by the privacy commissioner and the auditor-general will be released within weeks.
Ms Collins said she expected the new board members, including a new chairperson, to be in place "just after that".
"When I reappoint or appoint people to the board, that has to be someone who is going to be able to spend the time necessary in bringing about the cultural change that I expect from ACC . . . We need to do an awful lot around the culture of customer service and respect towards members of the public that I know most of our staff are providing."
Green MP Kevin Hague said even basic data protection systems at ACC still appeared to be hopeless.
"When every other state agency, let alone private sector organisation, was busily doing its best to protect data and figure out how to keep people's privacy protected, how come ACC, an organisation that was dealing with some of the most sensitive information out there in the state sector, was effectively doing nothing? I suspect that their focus has been not on meeting client needs. I think their focus has been on their financial result . . . thinking about clients as liabilities rather than people to whom they owe service."
© 2012 Fairfax NZ News

http://www.stuff.co.nz/national/politics/7464891/Minister-furious-over-ACCs-privacy-stance

11 August 2012

Call for bipartisan agreement on ACC

An article from the Otago Daily Times by John Gibb
Only a bipartisan political agreement about how ACC will operate in future can ultimately restore the public's trust and confidence in the corporation, Dunedin ACC campaigner Dr Denise Powell says.
Recently-released figures showing rapidly dropping numbers of Otago long-term ACC claimants over the past year and growing review applications by claimants challenging ACC decisions were a "wake-up call" over ACC's future, Dr Powell said.
"It's like a line in the sand," she said.
"It's reached the point where the person in the street is asking what's going on."
Otago Daily Times inquiries show the number of long-term claimants in Otago fell more than 15%, from 1199 on June 30 last year to 1014 at the equivalent date this year. This was the biggest one-year change in long-term Otago long-term claimant numbers for at least five years.
ACC officials recently said "long-term claimants" had been receiving weekly earnings-related compensation for a year or more. The number of reviews of ACC decisions sought by Otago-based claimants rose at least 5%, from more than 430 on June 30 last year to more than 450 at the same stage this year, other figures show.
Dr Powell said the community's faith that individuals would receive their fair entitlement under the scheme had been badly shaken, and ACC had been used as a "political football" for too long, including during recent cost-cutting.
ACC figures indicate national long-term claimant numbers fell more than 3600, or 25%, to about 10,626 over the past three financial years. Government officials have also highlighted the need to maintain the scheme's financial viability.
ACC officials say the national "long-term claims pool" has been reducing for several reasons, and improved "focused rehabilitation" by ACC within their first year of weekly compensation payments meant fewer people were becoming long-term claimants.
At an Institute of Actuaries of Australia conference in Brisbane late last year, a New Zealand actuary who has worked closely with ACC, said there was "constant tension between the two sides of politics" in New Zealand, which was reflected in the ACC scheme. Labour governments typically increased access to benefits, but this had been "to some degree reversed" under National, since 2009, given concerns about ACC finances, the actuary said.
In a recent letter to the ACC board, accompanying the latest service agreement signed between the Government and ACC, ACC Minister Judith Collins emphasised the need for the board and management to "rebuild" public trust in ACC and ensure individual claimants received their fair entitlements. She also expected the board to "monitor carefully the numbers and outcomes" of claims disputes, and wanted to see "more disputes resolved satisfactorily" without the need for formal independent resolution.
Dr Powell noted that a broad agreement between the Government and the Opposition had developed about the way much of the KiwiSaver superannuation scheme was operating. If public trust in ACC was to be restored, as Mrs Collins had sought, an agreement between New Zealand's main political parties about how ACC would operate in future was ultimately needed, she said.
http://www.odt.co.nz/news/dunedin/221091/call-bipartisan-agreement-acc

© Allied Press Ltd 2012

10 August 2012

ACC faces new privacy breach claim

An article from the New Zealand Herald by Adam Bennett
The Accident Compensation Corporation is investigating another potential privacy breach which may be similar to the gaffe that saw details of thousands of claimants sent to Bronwyn Pullar last year.
This week, a member of the online ACC claimants' discussion group ACCforum posted that they had requested their "IT Sweep" - a record of which ACC staff had accessed their electronic file. However, with that information they also received "a list of names regarding review dates and reason for review and claim numbers".
After the post generated a strong response from other members, the claimant offered an assurance they would not share the data with anyone else and were now being advised by a lawyer.
Almost a year ago, ACC claimant and former National Party insider Bronwyn Pullar was mistakenly sent a file containing information about thousands of other claimants whose cases had been reviewed in the previous year. ACC plunged into a far-reaching scandal after Ms Pullar went to the media with the file this year.
Yesterday, ACC's privacy officer, Miriama Alexander, responded to the ACCforum post. "If you've received information not about you, ACC needs to recover the information so we can contact the clients whose information has been released. We'll also advise the Office of the Privacy Commissioner of any breach," she wrote.
Last night, an ACC spokeswoman confirmed the corporation was investigating the potential breach, but had been unable to identify the claimant.
Since the Pullar affair came to light in March, ACC has been hit by a string of further privacy breaches. Last month, the Herald reported that a former Auckland builder was sent a document about a Te Atatu brain injury victim among papers about his own case.
© 2012 APN Holdings NZ Ltd

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10825889

03 August 2012

Wiped data claim fuels war of words

An article from the Dominion POst by Phil Kitchin and Vernon Small
Tensions between ACC Minister Judith Collins and former ACC chairman John Judge have boiled over in public after claims an investigation into a leaked email had been hampered because Mr Judge had replaced his computer and wiped data.
Mr Judge yesterday described the claims as "pathetic".
Ms Collins said she did not know whether the inquiry by Privacy Commissioner Marie Shroff had been delayed or hampered, and had not said that. But she would not descend to "name calling".
The war of words came after Ms Collins confirmed, in response to an Official Information Act request, that Mr Judge had destroyed or replaced his home computer in April, after an inquiry was launched into how an email, sent by former National Party president Michelle Boag to Ms Collins, was leaked. The email related to ACC whistleblower Bronwyn Pullar, who was at the centre of a mass ACC privacy breach. Ms Collins is taking defamation action against Labour MPs Trevor Mallard and Andrew Little over suggestions the leak came from her office.
Asked in the OIA if she had information that Mr Judge's computer had been destroyed, Ms Collins said: "Yes, the information I have received is that Mr Judge's home computer was replaced in April this year."
But yesterday she had received "slightly different" details.
Mr Judge said yesterday that Ms Collins was aware he had replaced his home computer before Mrs Shroff's inquiry was announced and all its data was copied to the new one. His personal computer was replaced in April as part of a routine upgrade. The replacement process began in February when he obtained quotes. As a security measure, redundant material still on his old computer was cleared, before he disposed of it.
"There is nothing untoward in what I did. I had deleted the emails received from the minister's office shortly after I received them."
It was his practice to delete emails not directly relevant to him in the future and where they were held by the organisation with which he was involved.
Mr Judge said he was also provided with an iPad by ACC, which was wiped and handed back to ACC in June. But it was not "synched" to ACC's computer systems nor to Mr Judge's personal computer. It did not receive emails related to the leak.
He had co-operated fully and his personal computer was available to the Shroff inquiry. He had not copied, printed or forwarded any email received from Ms Collins' office.
Outgoing ACC boss Ralph Stewart backed up Mr Judge.
Meanwhile, information provided by Ms Collins has revealed further tensions between her and Mr Judge in March, about the time the leak was made public. In a letter to him on March 27, she said she was concerned ACC made no reference to privacy issues in its draft plan for the year.
"I advised you that I had serious concerns about the level of commitment across ACC to protecting the privacy of claimants' information," she said.
The letter also ticked him off for seeking a law change as a precursor to privatisation.
"I have not suggested this change and made it perfectly clear to you in our meeting on 10 February, when you raised this matter, that this would not be happening."
Labour ACC spokesman Mr Little said Ms Collins was out of line commenting on the Shroff inquiry and should step aside as justice minister until it was was over.
© 2012 Fairfax NZ News

http://www.stuff.co.nz/national/politics/7404841/Wiped-data-claim-fuels-war-of-words

02 August 2012

Ex-chair's moves slow ACC probe, says Collins

An article from the New Zealand Herald by Adam Bennett
Investigations into the source of a crucial leak of information about the Bronwyn Pullar ACC scandal have been hampered by the corporation's former chairman, John Judge, replacing or wiping his computers, according to ACC Minister Judith Collins.
But Ms Collins says she has no evidence that Mr Judge leaked the email, and Mr Judge yesterday stood by his earlier denials that he was the source of the leak.
Privacy Commissioner Marie Shroff in late March began an investigation into how the email identifying Ms Pullar as the Accident Compensation Corporation claimant at the centre of a privacy scandal at the ACC was leaked to the Herald on Sunday. The email Ms Collins received from former National Party president Michelle Boag helped to end her colleague Nick Smith's ministerial career.
Ms Boag, as well as all recipients of the email - including Ms Collins, ACC chief executive Ralph Stewart and Mr Judge - have denied leaking the email.
But Ms Collins told the Herald last night that the email from Ms Boag was forwarded to Mr Judge's personal and only email account. She had been advised by ACC that Mr Judge had his home computer replaced some time in April, and his old one "is no longer able to be accessed".
"In addition, I've now been advised that Mr Judge was given an iPad from ACC ... and that iPad was wiped clean by Mr Judge's computer expert before it was returned to ACC in June."
Ms Collins told the Herald: "I am aware now that that is an issue around being able to access the forensic data which would normally be on the computer."
Ms Collins said she could make no further comment because the matter was still subject to the Privacy Commissioner's inquiry.
Mr Judge was unavailable to respond to Ms Collins comments last night but earlier yesterday said he did "absolutely not" leak the email.
The email was among documents submitted by ACC to police to support a complaint it made against Ms Pullar. ACC alleged that at a December meeting she and Ms Boag attempted to strike a deal to exchange the private information of thousands of other ACC claimants mistakenly emailed to Ms Pullar in return for a guaranteed benefit for her.
But in early June police said they would not lay charges against Ms Pullar. A few days later Ms Collins effectively forced Mr Judge and two other board members out of their jobs.
Mr Stewart announced his resignation shortly after although he is expected to remain in his job until the end of the year.
© 2012 APN Holdings NZ Ltd

http://www.nzherald.co.nz/politics/news/article.cfm?c_id=280&objectid=10823956