Adam Bennett

Adam is a political reporter for the New Zealand Herald.

ACC privacy report may lead to wider overhaul

Judith Collins dismissed a call from Labour for her to resign as ACC Minister. Photo /Ross Setford
Judith Collins dismissed a call from Labour for her to resign as ACC Minister. Photo /Ross Setford

All government agencies' handling of private data may be reviewed after an independent inquiry into the ACC privacy breach found it could have happened in any department.

The report by former Australian Privacy Commissioner Malcolm Crompton and accountancy firm KPMG examined what led to a spreadsheet containing details about 6748 clients being emailed to claimant and former National Party insider Bronwyn Pullar last year, and ACC's response when it learned of the breach in December.

It concluded that the breach, which was disclosed to the public, senior management and ACC Minister Judith Collins only when Ms Pullar went to the media with the information in March, was down to "a genuine human error".

However, "such an error was more likely to occur because of systemic weaknesses within ACC's culture, systems and processes".

The report also found ACC's subsequent response process could have been better "if appropriate policies, practices, escalation protocols and the right culture were in place".

It made a series of recommendations to improve privacy handling at the corporation.

Acting ACC chairwoman Paula Rebstock said the corporation would be implementing the review's recommendations in full.

Speaking to reporters, Mr Crompton said Ms Pullar had done the public "a service by making sure that we pay attention to the proper governance of personal information".

"Most organisations should be taking great note of the fact that it could have been them."

State Services Commissioner Ian Rennie said the report was "a dramatic reminder of the need for all government agencies to treat private information with the utmost care and respect".

"To this end, I am considering that state sector chief executives review their systems for handling private information. Any stocktake would initially be targeted on areas of greatest potential risk."

But Labour's ACC spokesman, Andrew Little, said he did not believe Mr Crompton's claim it was bad luck that the breach occurred at ACC rather than another department.

"There is nowhere else in the Government where there has been the apparent sloppiness in the approach to managing that information as at ACC."

Mr Little said the National Government on coming to power had painted a picture of an organisation in financial crisis that therefore needed to focus on cutting costs.

"That is at least one explanation for the more cavalier attitude towards claimants, their issues and their privacy. I don't think the Government can disown responsibility for it having got to this point."

Privacy Commissioner Marie Shroff, who commissioned yesterday's report, said it appeared ACC staff had been under pressure and "a failure in systems processes and perhaps leadership has led to them developing a somewhat cavalier attitude towards people's information and that needs to change".

Mr Little called for Ms Collins to be replaced as ACC Minister to allow the culture change required. Ms Collins dismissed that call, and Mr Little, as "silly".

A report by Auditor-General Lyn Provost into whether Ms Pullar gained any advantage in the way her claim was treated because of her connections with former board member John McCliskie, which was also released yesterday, found no evidence that was the case.

But the report did raise concerns Mr McCliskie and then-chairman John Judge failed to recognise wider allegations of illegality and fraud at the corporation brought to their attention by Ms Pullar late last year.

- NZ Herald

© Copyright 2014, APN New Zealand Limited

Assembled by: (static) on production bpcf03 at 01 Nov 2014 18:20:26 Processing Time: 531ms