ACC will commission an independent review into its management of client data after standing 12 staff down who shared and mocked their injuries on Snapchat.
The group of more than a dozen employees at ACC's contact centre in Hamilton took photos of clients' injury descriptions displayed on their work screens and posted the images to a private Snapchat group called "ACC Whores".
Another detailed the injuries of a sensitive claimant who ended up in hospital after they tried to end their life.
Acting ACC CEO Mike Tully said he and the ACC board have listened to feedback and concerns around access to client data by their employees and will now undertake an independent review.
"This behaviour is not tolerated at ACC.
"Over coming days we will define the perimeters of the review and who will lead it, but it will investigate the current practices around management of ACC data and client information, including sensitive claims.
"Our employees around the country work hard to support injured people and help them recover following an accident and I am deeply disappointed that a small group of people have allegedly let our organisation down", Tully said.
ACC leadership moved swiftly in response to this situation and stood down the employees involved, removed their access to ACC files and systems and began an immediate investigation, he said.
"The investigation into the alleged information sharing is being overseen by myself as acting CEO and the findings will be reported to the Minister for ACC.
"Following the alleged incident all ACC employees have been reminded of their obligations under ACC's Code of Conduct and anyone with concerns has been encouraged to speak up."
Meanwhile, the ACC whistleblower - who belongs in the Snapchat group - said they were "really disgusted" by the group's behaviour.
"They thought it was funny, but it's a breach of privacy," they told RNZ.
They spoke out after RNZ reported claimants and advocates were concerned about the way the agency handled sensitive information and ACC responded with assurances.
"When I read ACC's comments that it takes privacy seriously, I just knew I had to do something."
RNZ earlier reported the case of a man who was horrified to discover more than 90 ACC staff had accessed an old sensitive claim file more than 350 times since he'd closed it. The man believed his privacy and rights had been breached, but ACC said every login was justified.
The call centre whistleblower said unethical access to claimants' medical records was widespread among her colleagues.
Staff routinely went into files they did not need to, even though they were told not to, the employee said.