ACC 'has work to do' to regain trust after privacy breach - Govt

Source: 1News

ACC “has work to do” to regain Kiwis’ trust that their private information is safe with the agency, the Government says. 

It comes after revelations that a group of more than a dozen Hamilton-based ACC call centre staff shared details of people's injuries on Snapchat

It saw the Green Party call for major changes to ACC, describing the latest privacy breach "evidence of a pattern of breaches of privacy within ACC, which suggests urgent changes are required to organisational culture and practice in order to safeguard personal and medical information". 

File image of ACC branding

Green MP Jan Logie said the "one-size-fits-all approach to injuries is not appropriate, and we urge the chair to review the procurement model for rehabilitative treatment so that they focus on the whole of the person and not just the specific manifestation of the injury".

Internal Affairs Minister Jan Tinetti said in the House today she was “concerned” about the reports. 

“ACC does have work to do to reassure New Zealanders their private information is safe.” 

ACT’s deputy leader Brooke van Velden asked whether it was appropriate that 1414 staff had access to the approximately 27,000 sensitive claims lodged every year. 

Tinetti said the size of that group “made sense” because they needed to have access to the right information to help claimants.

“It is important we have enough trained people when we’re dealing with 27,000 sensitive claims that are very complex in nature," she said. 

"However, it is clear that ACC has work to do to reassure New Zealanders that their private information is safe. ACC has already been looking into staff access to sensitive claims information, and this work is ongoing."

In October, RNZ also reported that advocates believed ACC staff had inappropriate access to files of sexual abuse survivors. 

Even before Wednesday’s revelations, Tinetti said ACC was already looking into the levels of staff access to sensitive claims information. 

Tinetti said the Minister would also make it clear to ACC’s incoming chief executive Megan Main that “privacy and culture are to be a priority”, and that the directive would be in the Minister’s next letter setting out her expectations. 

Van Velden asked if the Minister was planning to do more than “simply writing a letter”. 

Tinetti said the Minister was “only able to direct its actions in very limited circumstances” because ACC was a Crown entity.

“However, I have made it clear to ACC this is unacceptable and I expect all ACC staff to respect claimants’ privacy.” 

The Minister continued to have confidence in ACC’s ability to safeguard people’s privacy, Tinetti said.

She said she didn’t know of any other cases of claimants’ information being shared on social media in the past five years. 

An internal investigation is now underway, and 12 ACC staff had been stood down over the issue. 

Logie questioned whether ACC’s internal review would be enough when” they've been in trouble for privacy breaches before” and they hadn’t picked up this breach of privacy. 

Tinetti said if a “systemic issue” was found at ACC, “I expect them to use whatever means necessary to fix it”.

The Green Party has written to former Labour Minister and ACC board chair Steve Maharey “with significant concerns with how ACC is currently operating, but with hope to highlight the changes that can be made”. 

Meanwhile, ACT wants to greatly limit the number of people who have access to sensitive claims information.

“There is absolutely no need for so many people to have access to sensitive claims.

"There are 27,000 active sensitive claims a year. That means on average one person is reading 19 files a year," van Velden said.