It just goes from bad to worse at ACC (the Accident Compensation Corporation), it seems. I had previously noted reports of a serious breach involving thousands of individuals’ claims. Since the initial reports, more details have emerged that have made waves, but this newest report will have some just wanting to shut ACC down altogether. From TVNZ:
The latest breach came about when ACC claimant Garth Paul asked to see his file – he had to make repeated requests to get the file as ACC sent only some documents. In the end, ACC sent him a file belonging to a different person.
Paul advised ACC it had sent him another person’s file, but did not reveal whose it was. He did however contact the man whose file was sent out.
The Sunday Star-Times has spoken to that man. We are not naming him to protect his privacy. “I was so angry when I found out. But it’s typical behaviour of ACC,” he said. “I said to him [Garth Paul], hang on to it [the file], use it to show what they’re like.”
He and Paul say ACC’s systems are so bad the case managers cannot work out whose file they breached and have yet to contact the client to let him know his file was wrongly sent out and apologise.
If it were not for Paul contacting him, he would be unaware of the error.
Okay, you’re thinking, we’ve seen that type of mailing error before many, many times…. from all over the world. But that’s just the latest in what now appear to be a string of privacy screw-ups failures.
Dunedin ACC client Bruce Van Essen has had an ongoing battle over breaches of his privacy. He says the ACC computer storage of clients’ confidential medical records is so primitive the records can be viewed by virtually every employee from a mailroom assistant up. Van Essen found his ACC files had been accessed 2800 times since 2006 – a figure he said could not be justified by everyday claims management. Pullar said her file had been accessed 2000 times over three-and-a-half years by a total of 137 people.
Helping fan the flames, the media got some actual data:
The Sunday Star-Times found the privacy commissioner received 61 privacy complaints about ACC in the last year. Of those, 15 were found to have substance and were subsequently settled. One has been referred to the director of Human Rights Proceedings, who will decide if it will go to a tribunal hearing. The figures show ACC privacy concerns are endemic. There were 57 complaints to the commissioner in 2009/10 and 43 in 2008-09.
Read more on TVNZ.
If this makes ACC look bad, it may make the Privacy Commissioner and legislature look even worse. Why have there been no effective controls required or implemented already?
Weak laws? Strengthen them already.
Strong laws? Enforce them already.
But do something effective.