In-depth ACC review needed

The hastily announced independent review into the management of Accident Compensation Corporation data and client information needs to do much more than skim the surface of the organisation’s culture.

Fourteen employees (including two in the Dunedin office) were stood down last week for alleged breaches of privacy.

The allegation from a whistle-blower that some Hamilton call centre staff were sharing details of client’s injuries and making fun of them in a private Snapchat called "ACC whores" was shocking.

This news came hard on the heels of concerns from clients and their advocates about too many staff having access to sensitive claims information, a concern echoed by some staff. Acting chief executive Mike Tully was quick to defend that situation when the concerns were brought to his attention, rather than stand back and reassess whether the way the claims were being handled was truly in the best interests of the claimants. It was not a good look, compounded by the later revelation, the result of a parliamentary question, that 1414 staff have access to sensitive claims.

Should the investigations into the privacy breach allegations confirm the bad behaviour, the temptation will be for the organisation to see those involved as bad apples.

But do senior management and the ACC board understand what is going on at call centres much beyond micro-managing the time of staff to ensure they get through the required number of calls a day?

Mr Tully says all front-line staff have begun refresher training on the code of conduct, but this may be missing the point.

We wonder if all staff dealing with claims have the same idea about what they are there to do.

Do some wield their power, and it can be considerable given that we are all covered by ACC, as if they are the personal holders of a public purse which must be opened as little as possible? Are others more inclined to think about the purpose of the legislation and see it as their role to help claimants receive everything they are due without putting unnecessary hurdles in the way?

That tension between fiscal prudence and the generous provision of services is something which was referred to in the 2012 independent review of ACC’s privacy practices.

The review, by KPMG and former Australian Privacy Commissioner Malcolm Crompton, followed the scandal involving dissatisfied claimant Bronwyn Pullar who was emailed information about 6700 claimants.

No doubt the management of documents has improved considerably since then, although it is concerning that regular audits of privacy compliance which followed that review have not been made public. Privacy compliance information in the latest annual report, complete with an incomprehensible graph, is too high level to be meaningful.

In a section on culture, the 2012 review pointed out that successive governments had placed different emphasis on the implementation of the Accident Compensation Act — some supporting a strong social interpretation leading to more generous assistance to claimants and others more worried about the money and expecting a more conservative response.

"This has created ambiguity for staff in terms of customer service and managing claimant entitlements."

We suspect that ambiguity remains. As we await the terms of reference for the review, we agree with ACC Futures Coalition co-convenor, lawyer Hazel Armstrong, who told RNZ the inquiry must take a broad look at the culture of ACC, not just privacy, but also respect and the organisation’s purpose.

And another thing

News last week the Dunedin City Council has abolished charges for overdue library books will have been welcome news for tardy borrowers.

They will not, however, escape being charged for lost items. The library service tested the waters on this by dropping charges for under-18-year-olds in July last year, which had the desired effect of increasing borrowing.

We hope this latest move, part of a world-wide trend, will further boost numbers of users of this excellent facility.

 

Comments

We are 'covered', with no right to sue. If compensation is so constrained, investigate some kind of legal redress.

What is also needed is a review of the IT data governance systems. Re-educating staff once again is a pretty shallow response when systems should not allow abuse and automate reporting of access.