Rebuilding trust and confidence: ACC’s privacy journey

OPC Technology and Privacy Forum, 20 February 2014Paul Holmes and Fiona Colman, ACC

Contents

– About ACC

– Privacy at ACC

– Then– Now– Future

About ACC

About ACC

– Comprehensive, no-fault personal injury cover for all New Zealand residents and visitors to New Zealand

– Governed by the Accident Compensation Act 2001

– Funded by New Zealanders through five accounts

Every day…

letters sent

claims processed

calls answered

25,000 7,000 24,000

*Correct as at May 2013

Claims volumes

4.4m

1.7m

1 EVERY

seconds

CLAIMSPER YR

*Correct as at May 2013

Privacy at ACC

March 2012

August 2012

Structural changes

•Privacy Group – BAU, full time Privacy Officer

•Project team – progress Independent Review recommendations

•Taskforce – targeted breach reduction

•Customer Information Teams – pre-release file checking

Mechanical changes

•ACC-specific breach definition

•Organisation-wide reporting process established

•Breach root cause analysis

•Breach management process

•Training for all staff

Establishing accountability

ACC Privacy Strategy sets accountability for privacy with:

•ACC Board

•Executive

•Managers

•Staff

ACC privacy now

•Positive feedback

•Reduced complaints about privacy

•Many Review recommendations actioned

•Privacy by Design, through PIAs

•International/national networks

•Advisor to other agencies

•Third party accountability

•Breach numbers reduced

•Reporting tool operating

•Heightened staff awareness of privacy

•Breach simulation and incident response team

Lessons learned

Communicate

Plan

Co-ordinate

Challenges for the future

•Keeping up momentum

•Embedding good practice, especially for new staff

•Looking wider than ‘Disclosure’

Questions

Web addresses

www.acc.co.nz to access:

Independent Review http://www.acc.co.nz/about-acc/overview-of-acc/acc-and-your-personal-information/index.htm

– ACC’s privacy notice and privacy policy http://www.acc.co.nz/privacy/index.htm?ref=footer

– ACC’s privacy strategy http://www.acc.co.nz/privacy/privacy-notice/WPC120320

Contact us: Privacy.Officer@acc.co.nz

Thanks