Actions taken by ACC since 2022 Privacy Report

AS Van Wey (Account suspended) made this Official Information request to Accident Compensation Corporation

The request was successful.

From: AS Van Wey (Account suspended)

Dear Accident Compensation Corporation,

In May 2022, Linda Clark provided the ACC Board was contracted to review ACC's compliance with the privacy legislation. This report titled, Independent review
of access to and use of client information at ACC, is available on ACC's website.

ACC CEO, Megan Main, stated that ACC has "an action plan in place to implement all its recommendations". I am requesting a copy of ACC's action plan, as well as the evidence of ACC having implemented and actioned the recommendations in the report.

In the event that any of the issues raised in the report have not been addressed, I seek a list of those, as well as the reasons for why ACC has not implemented changes to address those issues in the last +1 year.

I make a request under the OIA and the Code.

Yours faithfully,

AS Van Wey

Link to this

From: Government Services
Accident Compensation Corporation

Kia ora

 

Thank you for contacting ACC; this is an automatic reply to confirm we
have received your email.

 

We will try to respond your query as quickly as possible. However,
depending on the nature of your request you may not receive a response for
up to 20 working days. You can check the [1]Ombudsman OIA response
calculator to find when your request for official information will be due

 

In cases where ACC’s response provides information that is identified to
be of general public interest, the response may also be published on the
ACC’s website. If ACC publishes the response to your OIA request, all
personal information, including your name and contact details, will be
removed.

 

The information you have requested may involve documents which contains
the names of our staff. Please let us know whether you require these
names. We may need to consult our staff before deciding whether we can
release this information, and this may take a bit more time. If we do not
hear from you, we will assume that you do not require staff names.

 

Our [2]website provides up to date news and information about our work.
You can also follow us on [3]Facebook and [4]Twitter. Further information
about how to contact us is also available [5]here.

 

Ngâ mihi,

Government Engagement Team

 

Government Engagement, ACC

' 0800 101 996
* Box 242, Wellington 6011

[6]www.acc.co.nz

 

 

Disclaimer:

"This message and any attachments may contain confidential and privileged
information. If you believe you have received this email in error, please
advise us immediately by return email or telephone and then delete this
email together with all attachments. If you are not the intended
recipient, you are not authorised to use or copy this message or any
attachments or disclose the contents to any other person."

References

Visible links
1. http://www.ombudsman.parliament.nz/agenc...
2. http://www.acc.co.nz/
3. http://www.facebook.com/ACCNewZealand/
4. https://twitter.com/accnz
5. http://www.acc.co.nz/contact/
6. https://aus01.safelinks.protection.outlo...

Link to this

Rodney Whitworth left an annotation ()

Amy,
You are asking for alot of information from Gov Servicrs, Just like many before you.
The main thing is you understand the Accodent Compensation Act sections “3 to 160i”, the Delegation Manaual, the Fairways Benchbook.

Most important “Medical Information”, ACC will keep tryimg to collect medical information to support declining cover or entitlement, you cant stop them collecting information but you can control how they obtain it.
Learn about Prinicpals 4,6,7,8 & 11 of the Privacy Act 2020
Learn how ACC responds to claimants with a grievence.
Thats to start

Link to this

From: AS Van Wey (Account suspended)

Dear Accident Compensation Corporation,

This is a follow up on my request, which I make pursuant to the Code and OIA.

In Independent review of access to and use of client information at ACC, Ms Clark wrote:
32. In our view, irrespective of whether access is authorised or unauthorised, it is reasonable for clients and advocates to feel a degree of anxiety when faced with the knowledge that any file (let alone a file containing information of great sensitivity to a client) has been accessed over 300 times by 92 ACC personnel. Or, as the advocate did, that a file had been accessed in association with an investigation into another person. We identify later in this report the issues raised by this incident.

48. These issues highlight tensions that push and pull two ways. In the case of the Access Incident:
a. Clients are entitled to expect that the minimum number of 'eyes' will access their personal information, and that only those staff with a legitimate reason for accessing their files (or certain information in their file) will do so. This requires ACC to have clearly defined boundaries for determining who should have access and for what purpose. All ACC staff need to understand these boundaries and know what applies to them and the work they do; but also
b. ACC staff, particularly call centre workers, manage multiple calls each shift with each client seeking a swift response to a personal and pressing query, preferably without being 'passed on' to a second or third ACC staff member. Providing this level of service requires ready access to client information. Requests cover a range of issues that are unpredictable. Call centre workers may need to access a wide range of different information across a large number of calls each day; and
c. There needs to be regular monitoring and auditing of information and clients can be reassured all access is necessary and in their interests access so that staff are deterred from the temptation to browse any client.
...
50. In both cases, we were surprised to learn of the significant administrative issues engaged when ACC sets out to audit access or act on complaints about unauthorised access. Addressing these issues, together with the circumstances which contribute to such high volumes of access involves an analysis of ACC's systems and processes (which we comment on further in Part 7 (Systems)).

91. ... b.The Code of Conduct requires staff to 'take all reasonable steps to protect the privacy of clients' but it provides no explanation about what that means in practice (that is, what is appropriate and inappropriate behaviours in the context of client information) (see our comments at paragraphs 117 to 123).

163. In particular:...f. The systems that ACC relies on to manage personal information contribute to the disconnect between clients' expectations about how their information will be treated and how ACC actually handles that information. It is not unreasonable for individuals to be surprised when they learn about how many personnel have accessed their information held by ACC. It is incumbent on ACC to ensure that it takes all reasonable steps to ensure individuals are aware of how ACC manages their information, and how many ‘eyes’ might legitimately access a file.
g There are steps ACC can take to codify and explain the client information journey, from
collection to destruction.

Thus, addition to the information I had already requested, I seek specifically, the following:

ACC found it "reasonable" that over 90 people accessed Mr M's sexual abuse claim, even after it was closed. ACC found it "reasonable" that ACC employees shared client information on SnapChat.

(1) Please provide the updated definition of "reasonable", when referring to reasonableness of actions, decision making, access to claimant information, obtaining claimant information, and disclosing claimant information.
(2) The "reasonable" number of persons who will access any given claim, based on level of complexity (please specify how the level of complexity is determined).
(3) Definition of "necessary access". For instance, suppose a client calls the ACC call centre . The claimant requests that they be directed to a named department e.g., complaints Team, Resolution Team, Privacy Team) or asks to be directed to a specific individual (e.g., name of their claim manager or the review specialist). The ACC rep requests personal information and then accesses the claimant's file. I do not think it is "necessary" for a switchboard operator to access my personal information to transfer a call to a specified person, but ACC switchboard operators do. Is it "necessary" for the ACC call centre rep to access a claimant's information when all they are asked to do is transfer a call to the appropriate person or department? If so, please provide the rational as to why a person who is acting as a switchboard operator needs to access personal information in order to transfer a call to a specified person or team.
(4) An explanation of the client informatino journey, from collection to destruction, including stages in which ACC must communicate with the claimant to discuss the actions, seek consent to obtain or disclose the information, determine which information will be collected and from whom, how it will be used, disclose information, to the claimant and seek clarification on what may or may not be disclosed, or what needs to be corrected, etc.
(5) Access definitions and thresholds for all personnel, by employment type.
(6) Information on 'permissions' process to grant only certain persons access to EOS, and the information, policies, and process that govern who, and in what circumstances, access to EOS will be granted.
(7) Policies and process to ensure maintain an up-to-date role map and access granted commiserate with the role
(8) Employee roles of persons who have "open gate access" to claimant files, based on claim category. Number of ACC employees who have "open gate access" to EOS.
(9) Current number of ACC employees.
(10) Number of number of ACC employees , based on role and department, who "open gate access" to
(a) sensitive claims,
(b) VIP claims,
(c) RCU clients, t
(d) treatment injury claims,
(e) staff claims,
(f) claims transferred to Te Ara Tika,
(g) and all other claim categories not specified (please specify the category).
(11) Number of number of ACC employees, based on role and department, who have "limited access" (with the inclusion of the description of "limited access") to
(a) sensitive claims,
(b) VIP claims,
(c) RCU clients, t
(d) treatment injury claims,
(e) staff claims,
(f) claims transferred to Te Ara Tika,
(g) and all other claim categories not specified (please specify the category).
(12) Processes, procedures, rules, guidelines, manuals and other documents which describe how a claimant can determine who may and may not have access to their claim information, and to what extent.
(13) Processes, procedures, rules, guidelines, manuals and other documents for changing the claim manager or SCA when the relationship between the claimant and the claim manager or SCA is dysfunctional and when requested by the claimant.
(14) Processes, procedures, rules, guidelines, manuals and other documents for changing the review specialist or resolution specialist, when the relationship between the claimant the review specialist or resolution specialist is dysfunctional, and when requested by the claimant.

To be clear, dysfunctional communication includes when the ACC employee fails to provide any notifications, in accordance with the legislation and Code, fails to seek to clarify the issues with the claimant, fails to communicate with the claimant in accordance with ACC's policies, fails to seek informed consent when obtaining or disclosing information, fails to ensure all decisions are made on accurate and complete information, fails to communicate with the claimant before making decisions, fails to meet statutory deadlines and ACC deadlines, fails to engage in reviews in a manner consistent with ACC's policies, provides the claimant with "patently wrong" information (as the FairWay Reviewer described it), and in general, conducts themselves in a manner which is patently inconsistent with their employment agreement, ACC's policies, the Code and the law.

Thanks again for all your help.

Yours faithfully,

AS Van Wey

Link to this

AS Van Wey (Account suspended) left an annotation ()

FYI: For those who are unfamiliar with Te Ara Tika, this is a sub group within ACC where claimant files are sent when ACC feels threatened or worries about potential public embarrassment. See OIA responses GOV-027330, Transition Claim to Te Ara Tika, which includes "the client regularly contacts the media, senior managers, CEO, Minister and/or MP". It is worthy of noting that escalation of a complaint to line manages, and ultimately to the CEO, is the legislative process under the Code (Part 3). Further, Freedom of expression is a protected right under the NZ Bill of Rights Act (right 14).

See also information about risk and care indicated clients in GOV-017518 and Media Engagement: Issues Alert in GOV-027330. What ACC deems "threatening" and worthy of issuing an alert includes, according to the Issue Alert Template (GOV-027330):
(1) "formal complaints, privacy breaches, a serious breakdown in the client-case manger relationship; risk of harm to client; threats against staff, or threat to involve media or take protest action;
(2) issues with providers;
(3) significant privacy breaches, i.e., size or impact, widespread or high-level complaints from levy payers".

So who qualifies for transfer to Te Ara Tika, and who gets issued an "Alert" on their file, people who ask too many questions (like repeated OIA requests), people who follow the legislative process under the Code and Act, and people who complain when ACC is non compliant with the law.

Link to this

From: Government Services
Accident Compensation Corporation

Kia ora

 

Thank you for contacting ACC; this is an automatic reply to confirm we
have received your email.

 

We will try to respond your query as quickly as possible. However,
depending on the nature of your request you may not receive a response for
up to 20 working days. You can check the [1]Ombudsman OIA response
calculator to find when your request for official information will be due

 

In cases where ACC’s response provides information that is identified to
be of general public interest, the response may also be published on the
ACC’s website. If ACC publishes the response to your OIA request, all
personal information, including your name and contact details, will be
removed.

 

The information you have requested may involve documents which contains
the names of our staff. Please let us know whether you require these
names. We may need to consult our staff before deciding whether we can
release this information, and this may take a bit more time. If we do not
hear from you, we will assume that you do not require staff names.

 

Our [2]website provides up to date news and information about our work.
You can also follow us on [3]Facebook and [4]Twitter. Further information
about how to contact us is also available [5]here.

 

Ngâ mihi,

Government Engagement Team

 

Government Engagement, ACC

' 0800 101 996
* Box 242, Wellington 6011

[6]www.acc.co.nz

 

 

Disclaimer:

"This message and any attachments may contain confidential and privileged
information. If you believe you have received this email in error, please
advise us immediately by return email or telephone and then delete this
email together with all attachments. If you are not the intended
recipient, you are not authorised to use or copy this message or any
attachments or disclose the contents to any other person."

References

Visible links
1. http://www.ombudsman.parliament.nz/agenc...
2. http://www.acc.co.nz/
3. http://www.facebook.com/ACCNewZealand/
4. https://twitter.com/accnz
5. http://www.acc.co.nz/contact/
6. https://aus01.safelinks.protection.outlo...

Link to this

From: Government Services
Accident Compensation Corporation


Attachment GOV 028127 Response.pdf
205K Download View as HTML


Kia ora Amy
Please find attached our response to your official information request
dated 30 September 2023. If you have any questions about the response you
can contact us at this [1]address, for all other matters please use our
contact form at: [2]https://www.acc.co.nz/contact/ alternati... give us a
call on 0800 101 996.
If you are having trouble viewing the PDF, please ensure you have the
latest version of Adobe Acrobat Reader. To download this freeware please
click [3]here. 
Ngâ mihi

Sara Freitag (she/her)
Acting Manager | OIA Services

' 027 973 7330
* PO Box 242, Wellington 6011
ACC cares about the environment – please don’t print this email unless it
is really necessary. Thank you.
 

Disclaimer:

"This message and any attachments may contain confidential and privileged
information. If you believe you have received this email in error, please
advise us immediately by return email or telephone and then delete this
email together with all attachments. If you are not the intended
recipient, you are not authorised to use or copy this message or any
attachments or disclose the contents to any other person."

References

Visible links
1. mailto:[email address]
2. https://www.acc.co.nz/contact/
3. https://get.adobe.com/nz/reader/

Link to this

From: Government Services
Accident Compensation Corporation


Attachment GOV 028268 Extension.pdf
336K Download View as HTML


Kia ora

Please find attached an extension letter for this official information
request dated 9 October 2023.

If you have any questions about this you can contact us at this
[1]address, for all other matters please use our contact form
at: [2]https://www.acc.co.nz/contact/ alternatively give us a call on 0800
101 996.

If you are having trouble viewing the PDF, please ensure you have the
latest version of Adobe Acrobat Reader. To download this freeware please
click [3]here. 

 

Ngā mihi

Sara Freitag (she/her)
Acting Manager | OIA Services

' 027 973 7330
* PO Box 242, Wellington 6011

ACC cares about the environment – please don’t print this email unless it
is really necessary. Thank you.

 
------------------- Original Message

show quoted sections

Please use this email address for all replies to this request:
[FOI #24287 email]

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:
[11]https://aus01.safelinks.protection.outlo...

If you find this service useful as an Official Information officer, please
ask your web manager to link to us from your organisation's OIA or LGOIMA
page.

-------------------------------------------------------------------

Disclaimer:

"This message and any attachments may contain confidential and privileged
information. If you believe you have received this email in error, please
advise us immediately by return email or telephone and then delete this
email together with all attachments. If you are not the intended
recipient, you are not authorised to use or copy this message or any
attachments or disclose the contents to any other person."

References

Visible links
1. mailto:[email address]
2. https://www.acc.co.nz/contact/
3. https://get.adobe.com/nz/reader/
4. https://aka.ms/LearnAboutSenderIdentific...
5. http://www.ombudsman.parliament.nz/agenc...
6. http://www.acc.co.nz/
7. http://www.facebook.com/ACCNewZealand/
8. https://twitter.com/accnz
9. http://www.acc.co.nz/contact/
10. http://www.acc.co.nz/
11. https://fyi.org.nz/help/officers

Link to this

From: Government Services
Accident Compensation Corporation


Attachment GOV 028268 Appendix 1.pdf
1.4M Download View as HTML

Attachment GOV 028268 Appendix 2.xlsx
26K Download View as HTML

Attachment GOV 028268 Response.pdf
340K Download View as HTML


Kia ora

Please find attached our response to your official information request
dated 09 October 2023. If you have any questions about the response you
can contact us at this [1]address, for all other matters please use our
contact form at: [2]https://www.acc.co.nz/contact/ alternatively give us a
call on 0800 101 996.

If you are having trouble viewing the PDF, please ensure you have the
latest version of Adobe Acrobat Reader. To download this freeware please
click [3]here. 

 

Ngā mihi

Sara Freitag (she/her)
Acting Manager | OIA Services

' 027 973 7330
* PO Box 242, Wellington 6011

ACC cares about the environment – please don’t print this email unless it
is really necessary. Thank you.



Disclaimer:

"This message and any attachments may contain confidential and privileged
information. If you believe you have received this email in error, please
advise us immediately by return email or telephone and then delete this
email together with all attachments. If you are not the intended
recipient, you are not authorised to use or copy this message or any
attachments or disclose the contents to any other person."

References

Visible links
1. mailto:[email address]
2. https://www.acc.co.nz/contact/
3. https://get.adobe.com/nz/reader/

Link to this

Things to do with this request

Anyone:
Accident Compensation Corporation only: