ACC privacy breaches still 'unacceptably high'

Inland Revenue. Photo / Janna Dixon

Almost a year after the Bronwyn Pullar scandal erupted, privacy breaches at the Accident Compensation Corporation remain "unacceptably high", chairwoman Paula Rebstock says.

Appearing before a parliamentary committee Ms Rebstock was questioned by Labour MP Phil Twyford on ACC's efforts to improve client privacy. The corporation's reputation has suffered massive damage since Ms Pullar went public over ACC's blunder in sending her information about 6700 other clients in March last year.

Ms Rebstock told the committee today there was an average of 75 privacy breaches a month in the most recent quarter.

That incidence was "unacceptably high".

"Any breach is unacceptable", she said.

"I'm not satisfied with it." She believed the corporation had yet to find the right way to organise its staff to minimise the number of breaches and get the corporation's 80 million client records held on a more secure basis.

"We have invested a very considerable amount of money time and effort, our very best people to do these checks but they're still missing some of the things." The number of breaches recorded included relatively minor incidents such as levy invoices sent to the wrong employer or even mistakes made by doctors not employed by the corporation over which it had no control.

However, it was "heartbreaking to think of it from the clients' perspective but also soul destroying for the staff trying desperately dealing with the breaches." Ms Rebstock said the ACC's system was built for paper records and "until we can move into a digital world it's really hard to support our people to fully deal with those breaches".

However the privacy crisis at ACC was an opportunity to "re-engineer" the corporation's business processes "to put the customer at the centre of what we do".

Until that was done the privacy problem would not be fixed.

Ms Rebstock said she was impatient with progress to date, but the corporation was on track to meet the targets set after an independent privacy inquiry "systemic weaknesses within ACC's culture, systems and processes".