DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Commentary: ACC caught out in another privacy breach

Posted on March 24, 2012 by Dissent

It just goes from bad to worse at ACC (the Accident Compensation Corporation), it seems.  I had previously noted reports of a serious breach involving thousands of individuals’ claims.  Since the initial reports, more details have emerged that have made waves, but this newest report will have some just wanting to shut ACC down altogether.  From TVNZ:

 

The latest breach came about when ACC claimant Garth Paul asked to see his file – he had to make repeated requests to get the file as ACC sent only some documents. In the end, ACC sent him a file belonging to a different person.

Paul advised ACC it had sent him another person’s file, but did not reveal whose it was. He did however contact the man whose file was sent out.

The Sunday Star-Times has spoken to that man. We are not naming him to protect his privacy. “I was so angry when I found out. But it’s typical behaviour of ACC,” he said. “I said to him [Garth Paul], hang on to it [the file], use it to show what they’re like.”

He and Paul say ACC’s systems are so bad the case managers cannot work out whose file they breached and have yet to contact the client to let him know his file was wrongly sent out and apologise.

If it were not for Paul contacting him, he would be unaware of the error.

Okay, you’re thinking, we’ve seen that type of mailing error before many, many times…. from all over the world.  But that’s just the latest in what now appear to be a string of privacy screw-ups failures.

Dunedin ACC client Bruce Van Essen has had an ongoing battle over breaches of his privacy. He says the ACC computer storage of clients’ confidential medical records is so primitive the records can be viewed by virtually every employee from a mailroom assistant up. Van Essen found his ACC files had been accessed 2800 times since 2006 – a figure he said could not be justified by everyday claims management. Pullar said her file had been accessed 2000 times over three-and-a-half years by a total of 137 people.

Helping fan the flames, the media got some actual data:

The Sunday Star-Times found the privacy commissioner received 61 privacy complaints about ACC in the last year. Of those, 15 were found to have substance and were subsequently settled. One has been referred to the director of Human Rights Proceedings, who will decide if it will go to a tribunal hearing. The figures show ACC privacy concerns are endemic. There were 57 complaints to the commissioner in 2009/10 and 43 in 2008-09.

Read more on TVNZ.

If this makes ACC look bad, it may make the Privacy Commissioner and legislature look even worse. Why have there been no effective controls required or implemented already?

Weak laws? Strengthen them already.

Strong laws? Enforce them already.

But do something effective.

No related posts.

Category: Breach IncidentsExposureMiscellaneousNon-U.S.Of NoteOther

Post navigation

← Norwegian government portal compromises users’ personal information
Skeptical Science hacked, private user details publicly posted online →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.