Quake documents: 'Everything is in there'

The insurance advocate who was sent details on 83,000 claimants in the Earthquake Commission privacy breach says the document contained detailed information on the expected number of settlements and the estimated cost of the claims.

EQC announced yesterday that every Canterbury resident who had made a home repair claim after the quakes had their privacy breached last week.

It is believed to be one of the largest privacy breaches by a government agency in the country's history.

The information was mistakenly sent to former EQC employee Bryan Staples, the chief executive of insurance resolution company Earthquake Services, who is in regular contact with the commission.

He was shocked when he opened the attachment, which was sent to him by a senior EQC employee he dealt with regularly, he said.

Mr Staples told Radio New Zealand the document contained more than just claimants' addresses and claim numbers, which EQC said it had contained.

It also included estimated settlement costs, the number of settlements EQC expected to make and builders' quotes.

"The information is what everybody in Christchurch and Canterbury have been asking and asking and asking EQC to come clean with - everything is in there," he said.

"For them to come out and say it's only claim numbers and addresses is absolute bulls***."

More than 60,000 claims were categorised as being under $50,000, Mr Staples said.

"This is absolutely outrageous, it's political. EQC fixing Christchurch is all about the next election. They're going to try and cash settle claims for under $50,000. They need to come clean."

Mr Staples denied he was the person who informed Labour's earthquake recovery spokeswoman Lianne Dalziel.

He said the only person he sent the email to was the woman at EQC he received it from.

The information has since been destroyed, but not before Mr Staples and up to four others who were in the room saw the information.

EQC bosses have been summoned to Earthquake Recovery Minister Gerry Brownlee's office this morning for a "please explain" meeting.

EQC chief executive Ian Simpson yesterday said it was initially thought the information of 9700 people was emailed in error.

But the scale of the breach ballooned to more than eight times that size after it was realised that if filters within the spreadsheet were manipulated, all the claims could be seen.

The information covered 98,000 claims from the residents, Mr Simpson said.

Mr Simpson told Radio New Zealand he would hand in his resignation if Mr Brownlee asked for it at their meeting this morning.

"Oh absolutely. [I'm] here to do the best we can, but that's his call."

They would discuss the steps EQC would take to reduce the risk of another breach, he said.

EQC had now disabled the email address auto-complete function on its email client, and was looking at a number of other changes.

A review would take place, but the employee who sent the email had done "everything right" since the mistake, so no action would be taken against her.

Mr Simpson said he had been given a written assurance the information had been destroyed after it was received.

"I've got no reason to believe it's gone elsewhere."

He said someone who had seen the spreadsheet had talked to others about the nature of the privacy breach, but there was no suggestion the information had been forwarded on.

Prime Minister John Key this morning denied privacy breaches were a systemic problem within government.

He told TV3's Firstline he was concerned about every breach that took place.

Mr Key added that recent privacy breaches were not connected, and measures had been taken at both Work and Income and ACC following their breaches.

"We live in a world where increasingly there is the capacity for New Zealanders to engage directly with government departments and agencies electronically, so that opens up a whole new sphere," he said.

"I might be wrong, but my understanding of what's gone wrong at EQC is not much more complex than the person involved has sent it through to the wrong email address."

Mr Key said he suspected the woman who sent the email was "probably mortified" and suggested she should not lose her job.

Asked if emails needed to be double-checked before they were sent, Mr Key said EQC and other agencies would have to look into that.

But a lot of emails were sent every day, and that could slow down the process dramatically.

Mr Staples told TV3's Firstline this morning that EQC should come clean about the information it held, which included information about asbestos in homes.

"Everyone should know the information about their home. EQC have got it all. And what surprised me more than anything was it was in such a simple, basic email Excel spreadsheet," he said.

"If EQC is telling you they don't have the information about your property, it's a lie."

Mr Simpson responded that EQC tried to give all the information it could to claimants, but it kept information like estimated repair costs to itself because of commercial confidentiality.

"All our customers have the option to opt out of our repair programme, and if they knew what our estimated costs were it may put contractors bidding for that work at an advantage, and therefore EQC at a disadvantage," he told Firstline.

Mr Simpson said if the commission knew about asbestos, then the property was tested and owners were informed.

"So that's not something we'd withhold."

Mr Simpson said the person who sent the email was "absolutely distraught".

"Everyone at EQC takes privacy information really seriously. What we need to do is make sure that people aren't in a position where they feel they need to try and email this data."

He said EQC had secure data transfer channels which it would make more available.

- APNZ

© Copyright 2014, APN New Zealand Limited

Assembled by: (static) on production apcf02 at 27 Dec 2014 06:36:59 Processing Time: 461ms