ACC: what we really need to ask

There’s nothing quite like a ministerial resignation to send political insiders and journalists into a frenzy. There are big issues arising from Nick Smith’s interference in Bronwyn Pullar’s ACC claim. Such as:

  • Are the four letters that Nick Smith wrote concerning Ms Pullar’s claim the extent of his interference in her claim, or is there more?
  • Did he interfere in other claims also?
  • What effect did Nick Smith’s interference have on ACC? As everyone has pointed out, an ACC case manager seeing a letter from the Minister on the file is highly unlikely to be unaffected, and perhaps his involvement explains why two senior managers fronted up for a meeting with Ms Pullar.

New Zealanders are entitled to have confidence that there will not be political interference in ACC claims. We cannot have that without a full and independent investigation of these and other matters. On Tuesday, I wrote to the Office of the Auditor-General asking her to initiate such an investigation. I’d also be happy  if some other form of independent inquiry (retired Judge, Commission etc) were used, so long as it occurs.

But let’s remember that Nick Smith’s political interference was uncovered because of arguably the greatest breach of privacy in New Zealand history, with confidential information relating to almost 7,000 people being leaked. These confidentiality issues also raise extraordinarily important questions, such as:

  • What was the purpose of this spreadsheet that had these 9,000 records on it?
  • Given ACC’s history of inadvertently sending confidential information to the wrong people, why had ACC not developed robust data management procedures, such as data encryption or dis-aggregating names from other information?
  • How did the information get sent to Ms Pullar?
  • Isn’t that a really amazing coincidence that random chance saw this highly confidential and potentially damaging information being sent to Ms Pullar specifically?
  • Why was the privacy breach, which occurred in August 2011, not detected until Ms Pullar told ACC about it in December 2011?
  • Is it actually credible that the two senior managers who met with Ms Pullar in December then did not mention the privacy breach to more senior figures? (as a former senior public servant myself, I can tell you that this does not ring true at all: their strong instinct, and correct procedure, would be to report this risk up the chain of command. I would be very surprised if the CEO and Chair were not informed.)
  • Why was no action taken to repair and manage the privacy breach once Ms Pullar did not return the information she had been sent? (according to ACC’s account that is.)
  • If ACC senior managers (the same ones who apparently did not report it to their superiors)  felt the organisation was being blackmailed in December, why did they wait until now to raise this with Police?
  • Why was information about Sensitive Claimants routinely distributed to ACC managers who are not part of the Sensitive Claims Unit?
  • Why were the staff, who called those whose privacy had been breached, often described by these claimants as not understanding the impact of the news, insensitive, and unresponsive, in an organisation for which privacy ought to be an absolutely central consideration?

So, some issues for the Privacy Commissioner to look at as well. I wrote to her last Wednesday asking her to investigate and I’m pleased she is going to do so. However, the scope of her inquiry will be limited to privacy issues. The Privacy Act will not empower her to investigate non-privacy matters like political interference, a fact which is apparently lost on the Prime Minister.

And there is another set of issues again. The reason Bronwyn Pullar and her support person Michelle Boag were meeting ACC in December was to discuss a list of more than 40 breaches by ACC of the law, its own rules and good process. The existence of such a list will hardly be a surprise to many ACC claimants. There are still many good people working in the ACC system, and the organisation itself is fundamentally sound, but it is changing for the worse and good people are being squeezed out. A culture of public service is being replaced by what I call a culture of disentitlement: claimants are seen as the enemy, and the prime directive has become minimising expenditure rather than meeting needs. For well over a year I have been calling for an independent review of the reinterpretation ACC has conducted of its Act, which has seen large numbers of people denied cover because of assertions of “degeneration” or “pre-existing condition” and rapidly increasing numbers of ACC decisions being overturned by review or in the Courts.

Sounds like we need three inquiries.

19 thoughts on “ACC: what we really need to ask

  1. @toad: “Of course I wouldn’t read the details. Just delete anything under headings like “Name”,”Claim No.”, “Address” or “Phone No” that could identify individual claimants. Easy to do with an electronic file, without reading the details.”

    I hope you wouldn’t if my info was involved. I totally get making sure that a big thing is made of it, getting the Privacy Commissioner and Police or a lawyer involved and so on. But I’d hate it if some random person off the street took it upon themselves to know how to properly redact a document before giving it to the media.

    What you’ve just suggested with an electronic file is precisely the same sort of process that some organisations already mess up if they’re not ultra-careful about understanding what they’re doing and all the technology and hidden information involved, thinking they’ve wiped information from a document when they really haven’t. There are countless of examples of screwups with Word, Excel and PDF documents just for starters.

    On a related issue, why does ACC not have a recording of the meeting with Bronwyn Pullar? It’s common today for government organisations and insurance companies and so on to record phone conversations with clients (with permission) for exactly the reason that when disputes arise about what was said, there’s objective information available. If individual clients don’t want a recording made about something sensitive then by all means declare what’s happening and confirm the permission before starting, but it should really be something that happens by default.

  2. Privacy breeches are in fact an excellent idea! Avoids public embarrassment and keeps your bits warm.

    Privacy breaches however are as you state, bad news news indeed.

    :)

  3. PhotoNZ is right here; privacy breeches are very bad news indeed, and fooling with a file you have received that you shouldn’t have makes you an accessory to the breech, increasing the scope of the breech. Sadly, NZ law doesn’t take privacy sufficiently seriously, so the penalties involved are, well, missing.

    The correct approach is to report the fact the breech occurred to the Privacy Commissioner. The Commissioner will determine the process required to determine the scale of the problem. Breech investigations are publicly viewable on the Commissioner’s website.

  4. toad says “so I can’t be specific about the detail of what I would redact, but I certainly would do all that is necessary to ensure the privacy of the individuals concerned is not further compromised by my actions.”

    It’s unbeleivable that YOU think YOU have the right to read and judge peoples traumatic private details and YOU have the right to decide which should and which shouldn’t be given to media.

    That shows extreme arogance.

    You can certainly tell media there has been a privacy breach, but it’s appalling you think it’s ok to hand over private details, after you have put YOUR judgement on what part of victims private details should and shouldn’t be censored.

  5. I’ve not been following this closely, so I have a question – how did this file get sent to this person?

  6. @photonz1 9:27 AM

    Stop twisting my words. We are talking about a hypothetical document here, so I can’t be specific about the detail of what I would redact, but I certainly would do all that is necessary to ensure the privacy of the individuals concerned is not further compromised by my actions.

    But to just destroy the document and inform the state agency concerned that I had received it inappropriately and destroyed it does nothing to make that agency more accountable with regard to information privacy.

  7. toad says “Of course I wouldn’t read the details. ”

    So you would release thousands of pages of notes of peoples horrific personal circumstances to the media without bothering to find out if their names were in those details.

    It’s absolutely disgraceful that you think YOU would have the right to decide to release all these traumatic and personal details – even without names.

    Worse still that you would have to read all those details if you wanted to make sure you removed every name.

    Then what happens when inevitably you miss deleting a few names out of thousands.

    And your reasons to take such drastic action with peoples personal traumas?

    To sling some mud in the hope of scoring a few cheap political points.

    Your actions would be disgraceful, highly unethical, and very likely illegal.

  8. Of course I wouldn’t read the details. Just delete anything under headings like “Name”,”Claim No.”, “Address” or “Phone No” that could identify individual claimants. Easy to do with an electronic file, without reading the details.

    A bit more problematic with a paper file. A number I years ago when I was working as an ACC claimant advocate I was sent (with the proper privacy authorisation) a claimant’s file I had requested. Upon reading it, I discovered a number of pages that related to a completely different claimant with a similar name. I immediately returned the file to ACC and asked for the pages that should not have been in it to be deleted before it was resent to me. But I also advised the Office of the Privacy Commissioner of the privacy breach. If state agencies are not made accountable for impropriety such as this, it will continue to happen.

  9. No offence, but the Facts Do the talking – if Dr Smith remains in Parliament – then Chris Martin is a Dangerous Batsman – and I’m a Wall St Banker!

  10. toad – so you would READ the 9000 cases of people sexual assaults etc, so you could then tell them you have deleted their personal info.

    Personally, I think anybody who goes through names from a file like that rather than deleting the whole lot should be locked up.

    If it’s not a crime, it should be.

    Who the hell do you think you are to have the right to read thousands of peoples personal files so you can delete names.

    That fills me with disgust.

  11. Go On Piccy – You going in to Bat for Dr Nick?
    Bring on the slow bowlers, we love you –
    coming and going Nick
    – get out!

  12. photonz1 7:29 PM

    …not hold onto them then months later hand over peoples very personal information to the news media.

    I wouldn’t. I would redact any personal information that could identify any individual, and then send the redacted files straight to the media and to the Privacy Commissioner.

    State agencies that compromise personal privacy in the manner ACC has done have to be made accountable. Just destroying all the information I knew I had improperly received and taking no steps to hold ACC accountable for their privacy breach would be an abrogation of my civic duty as a citizen.

  13. Mark asks “Photo – are you saying this arrogant(saw a news clip of her…) Pullar person successfully blackmailed a Cabinet Minister”

    I’ve got no idea.

    I’m just saying I’d expect any normal person mistakenly receiving thousands of extremely personal files, would either delete them or send them back straight away – not hold onto them then months later hand over peoples very personal information to the news media.

  14. Photo – are you saying this arrogant(saw a news clip of her…) Pullar person successfully blackmailed a Cabinet Minister….it already clear to me Nick should be leaving Parliament – for a Courtroom if I read you succinctly?
    I thought so anyway – but this is much more serious

  15. Sorry for Smith? I feel sorry for those who Die every Day in gross pain as a result of ACC negligence – Dr Nick Should leave Parliament AND be brought to Book for his indecency. It will serve warning to all those who are so corrupt.
    There are more fingers than Pie – and we keep exporting Citizens – oh my! Look at us in twenty years if this continues….

  16. Smith had to fall on his sword quickly before demands built up for his total resignation, and a by election was required.

    Now we just have to get the rest of them for their incompetence, fraud, theft and cronyism.

    Starting with the insiders in SCF and Huljich Finance.

    I feel a bit sorry for Smith. After all, he was just following his leaders examples.

  17. Could just be the tip of the ‘ice-berg’, with Govt. (C of I ?)
    Needs further questions from the Opposition

    Kia-ora

  18. You omit the most important question, that no media or polititians seem to have asked –

    Why did Bronwyn Pullar pass on thousands of very private and confidential files to the media, instead of destroying them or handing them back to ACC?

    Nick Smith’s letter that as reported made it clear he was only making a comment on her previous health and made it claer he was not commenting about her actual the claim. I would have thought this was foolish, but not a hanging offence.

    The speed at which he jumped suggests there’s a lot more to this story that we haven’t yet heard.

Comments are closed.