Almost a year after the Bronwyn Pullar scandal erupted,
privacy breaches at the Accident Compensation Corporation
remain "unacceptably high" chairwoman Paula Rebstock says.
Appearing before a parliamentary committee Ms Rebstock was
questioned by Labour MP Phil Twyford on ACC's efforts to
improve client privacy.
The corporation's reputation has suffered massive damage
since Ms Pullar went public over ACC's blunder in sending her
information about 6700 other clients in March last year.
Ms Rebstock told the committee today there was an average of
75 privacy breaches a month in the most recent quarter.
That incidence was "unacceptably high".
"Any breach is unacceptable", she said.
"I'm not satisfied with it." She believed the corporation had
yet to find the right way to organise its staff to minimise
the number of breaches and get the corporation's 80 million
client records held on a more secure basis.
"We have invested a very considerable amount of money time
and effort, our very best people to do these checks but
they're still missing some of the things."
The number of breaches recorded included relatively minor
incidents such as levy invoices sent to the wrong employer or
even mistakes made by doctors not employed by the corporation
over which it had no control.
However, it was "heartbreaking to think of it from the
clients' perspective but also soul destroying for the staff
trying desperately dealing with the breaches."
Ms Rebstock said the ACC's system was built for paper records
and "until we can move into a digital world it's really hard
to support our people to fully deal with those breaches".
However the privacy crisis at ACC was an opportunity to
"re-engineer" the corporation's business processes "to put
the customer at the centre of what we do".
Until that was done the privacy problem would not be fixed.
Ms Rebstock said she was impatient with progress to date, but
the corporation was on track to meet the targets set after an
independent privacy inquiry "systemic weaknesses within ACC's
culture, systems and processes".
- Adam Bennett of the New Zealand Herald
A name, residential address, and (preferably residential) telephone number is required from readers who comment on ODT Online. These details will not be visible to site visitors.