The ACC Blunder-Bus
Ooops! An inadvertent click and drag by an ACC manager attaches a file of the names of 6,748 claimants to an email to a claimant who had been complaining about the behaviour of a medical adviser.
It appears that the claimant doesn't realise what she's been sent for some time to come, but, in the meanwhile, she in turn inadvertently forwards the attachment as part of a further set of complaints about ACC to the State Services Commission.
In her battle with the ACC, the claimant looks up an old acquaintance, who is now ACC's deputy chairperson. She raises concerns about the Corporation's compliance with its own code of claimants' rights and about its so-called 'independent' medical assessors. The chair and deputy chair agree that they can kick the matter downstairs to management, thinking it's a purely operational issue. According to the Report put out by the Auditor-General, the directors should have recognised that some of the issues raised by the claimant were more than merely operational ones concerning her particular claim - but rather they implied reputational risks to the Corporation that the Board should have taken a more direct responsibility for. At least the report clears them all of any suggestion that the contact with the claimant led to any material advantage for her regarding her claim.
Once the claimant meets with the managers tasked with sweeping things under the carpet, however, it's revealed only then that there's been a massive privacy breach. ACC ask her to return the file of private information and to delete it from her computer, but they fail to make sure that this has been done until after the whole affair gets blown up in the media a few months later. Clearly ACC have some work to do on their privacy policies - and let's not forget that they do keep files on most of us, arising from one thing or another, including some very sensitive personal matters.
I would say that the rest is history, if it weren't for the fact that there are more revelations to come.
At least the Privacy Commission's report on 'the story so far' is independent, thorough and apparently robust. The Minister seems determined to implement the many recommendations. But we have yet to find out who leaked the identity of the claimant to the media...
And we have yet to find out about a few other things too: Like how the ACC plans to ensure that its medical assessors are genuinely independent (rather than deeply in the Corporation's pocket), and how the Corporation plans to avoid turning rehabilitation into a battle with claimants (as compared with a collaborative client-centred process).
And there's a question too for Ms Pullar: Exactly when did she become aware that the file of personal information had been sent to her?