John Armstrong: Pullar has done us a huge favour

NZ Herald

23 Aug, 2012 05:30 PM3 mins to read

Bronwyn Pullar speaks to 60 Minutes about the ACC privacy breach. Photo / TV3

Whatever you think of Bronwyn Pullar's motives, she and her "support person" Michelle Boag have done everyone a massive favour in confronting ACC head on.

That was acknowledged yesterday by the Australian who headed the independent team that investigated ACC's handling of the data security breach which saw the confidential files of nearly 7000 men and women mistakenly being emailed to Pullar, one of the corporation's longstanding claimants.

Michael Crompton, a former Privacy Commissioner across the Tasman, caused some surprise at the press conference which followed the release of his team's report. He said breaches of data security were a fact of life and the one at ACC could have happened to any organisation because it was the result of genuine human error.

That said, that was about as far as you can go when it comes to drawing parallels between dysfunctional ACC and any organisation which is functioning normally. What happened next at ACC after the breach would not have occurred in the great majority of private companies, public corporations or state-owned entities.

Such was the breakdown of normal lines of responsibility and accountability that the ACC board and the portfolio minister were not aware of the security breach until more than three months after two senior managers were informed of it by Pullar - and only then by reading about it in the newspaper.

With Boag's help, Pullar's efforts have culminated in a flurry of recommendations on how to bring ACC's sloppy data management up to a level worthy of the digital age.

However, the necessary "culture change" in the handling of personal information recommended by the investigative team and endorsed by Judith Collins, the ACC Minister, will go further by also bringing more consistency to how ACC treats claimants.

Crompton's report notes successive governments have applied differing interpretations of the level of assistance which should be given to claimants, thereby producing variation in entitlements in terms of them being more generous or more conservative.

That had created ambiguity among staff about how they should manage claims. Crompton's report also had staff saying they ended up being more focused on managing high workloads and reaching performance targets than protecting personal information.

The investigating team reported that claimants now considered there was an almost cavalier attitude among ACC staff handling sensitive personal information.

Rectifying that will not happen overnight. Paula Rebstock, the interim chairwoman of the ACC board, is warning "culture change" will take between 18 months and two years to percolate through an organisation of ACC's size.

However, the near half-century-old social contract by which New Zealanders relinquished the right to sue after injury in return for a no-fault scheme guaranteeing a reasonable level of income demands nothing less. ACC is not another form of welfare. Pullar's actions and Crompton's report have done a service in underlining that. The alternative is a return to the courts. And no one wants that.