Q+A: Paul Holmes Interviews Ralph Stewart
 
Ralph Stewart “wishes” that from tomorrow there would be no more privacy breaches, but he knows there won’t be. “The key thing is to declare for ACC that no breaches is our objective”.
 
Won’t say what it would take for him to resign, but stresses that privacy is just one of his responsibilities in a complex organisation. “The buck stops with me.”
 
ACC boss says privacy breaches are occurring because it handles 1.7 million claims per year. “I think a sense of context helps to understand the privacy issues.”
 
“In terms of public trust and confidence, I believe that ACC has it.”
 
On his first six months as ACC CEO: “It’s been a baptism of fire”, but he’s enjoying the job.
 
On the Bronwyn Pullar case: “We are managing her case as we can under legislation and as carefully and sensibly as we can through ACC”
 
Stewart says the privacy breaches have to be put into context: “Bronwyn is one of 1.7 million claims last year.”
 
ACC’s three responses to privacy lapses: KPMG report to be released in June… Because ACC are handling a lot of electronic files, they have commissioned a second report into best practice… created 80 privacy champions inside ACC to monitor privacy issues.
 
Q+A, 9-10am Sundays on TV ONE. Repeats of Q&A will screen on TVNZ7 at 9pm Sundays and 9am and 1pm on Mondays.       
 
Thanks to the support from NZ ON Air.
 
Q+A is on Facebook, http://www.facebook.com/NZQandA#!/NZQandA and on Twitter, http://twitter.com/#!/NZQandA
 
Q + A
PAUL HOLMES INTERVIEWS  RALPH STEWART
 
PAUL             ACC – accident compensation.  It’s been a year of controversies and complaints around ACC.  As a result, inquiries by the police and the Privacy Commissioner are being conducted.  The ACC Minister, Judith Collins, is threatening to sue two Labour MPs for defamation and says the corporation needs to rebuild public trust.  And yet last week ONE News revealed yet another privacy breach involving the private financial details of more than a hundred ACC clients being sent to the wrong people, so what’s going on?  The ACC chief executive, Ralph Stewart, is with us live.  Good morning.
 
RALPH STEWART – ACC Chief Executive
            Good morning, Paul.
 
PAUL             You’ve been in the job, what, six or seven months?
 
RALPH          Seven months.
 
PAUL             Seven months?  You come from— You were head of AXA?
 
RALPH          Yes, I was.
           
PAUL             You’ve come from a very successful private-sector company.  How would you describe your first six months in the public service?
 
RALPH          (laughs) It’s been a baptism of fire, Paul, quite genuinely, but I’m enjoying it  It’s very challenging.  ACC, in particular, is an organisation that’s quite different to a private-sector insurance company.  It’s deep and rich in New Zealand, both in a financial sense and a social sense, and I’m really enjoying that.
 
PAUL             Right, now, when it comes to the security lapses, these privacy breaches, how seriously do you take them?
 
RALPH          Immensely seriously.  Can I—?
           
PAUL             Why do we—?  Go on.
 
RALPH          Can I give you three examples of what we’re doing in terms of privacy at ACC?
 
PAUL             All right.
 
RALPH          The first example is we’ve conducted a complete independent report that’s now halfway through.  It’s been conducted by KPMG as experts and also has on the panel the ex-Federal Privacy Commissioner out of Australia.  It’ll be completed by June.  It’ll be made public.  Secondly, in terms of privacy, I think one of the key influences of privacy is development of the digital age.  As a consequence, we’re sending a lot more files out electronically, ie, attaching things to emails.  So we’ve commissioned a second piece of work to look at the infrastructure in ACC and say, ‘How can we take us from where we are in terms of client records and privacy and take us to world best practice?’  And thirdly, if I may just quickly, is we’ve commissioned 80 privacy champions through the ACC network to constantly monitor, maintain and raise awareness for privacy in ACC
 
PAUL             Well, that seems a very effective package, but, you know, we still have to ask the question – why are we suddenly getting these substantial leaks of private information?  You’re not getting them from Work and Income.  I can’t think of any other government department or government corporation that is leaking willy-nilly to the tune of thousands of people’s files.
 
RALPH          I understand, Paul.
 
PAUL             Why is this suddenly happening?
 
RALPH          Can I try and give it some context?  ACC is a very large, complex organisation.  To give that some content, for example, we’re talking about almost 160 claims per hour.  We’re talking about 140,000 per month, 1.7 million per year.  It’s a very busy, complex organisation.  I think a sense of context helps to understand the privacy issues.
           
PAUL             Yeah, I mean, you’ve got an incredible workload.  People understand that, I’m sure.  Perhaps unfortunately don’t.  Look, this whole fuss started, didn’t it, I’ve got to ask you about Bronwyn Pullar – Miss Pullar.  It started with the release of the 6500 claimants’ names and info to this particular person, Bronwyn Pullar.  Now, you claim that she threatened ACC at this particular meeting that she attended.  She says she did not.  We understand she has sent ACC a transcript showing she was not blackmailing or threatening.  Why continue with this police complaint against her?
 
RALPH          Paul, I want to be as helpful this morning as I possibly can.  There are two things that prevent me from going further on this particular issue.  Now, the first is Bronwyn Pullar is a client, and I won’t talk about client issues on air, and second—
 
PAUL             I don’t want you to be specific, but what I’m saying to you is taking this police complaint against this particular person looks vindictive – big company against little person.  How’s that helping you gain the hearts and minds— the hearts of New Zealanders?
 
RALPH          Paul, I really want to be helpful, but the review for the Pullar case has to play out first.
 
PAUL             Ms Pullar is not well – that’s the point I’m trying to make.  She admits that.  She has a head injury.
 
RALPH          She’s a client, and we support her in every way we can.
 
PAUL             No, you’re not.  You’re taking police action against her.  I’m sorry I’m distracting here.  I’m fiddling around with the microphone.  There’s something urgent with that.
 
RALPH          It’s okay.
           
PAUL             Yeah, I mean, she’s a client, and she wanted some action, and she feels wrong done by.
 
RALPH          We’re managing her case as we can under legislation and as carefully and sensibly as we can through ACC.
 
PAUL             Look, I don’t want to bore in on this.  I promise you we will not have this for the whole interview, but the thing that I’m saying to you is your minister’s said you’ve got to restore trust amongst the public of New Zealand, and here you are slamming down on an injured single person the might of ACC.
 
RALPH          Paul, again, I bring you back to—
 
PAUL             And you apparently have a transcript saying it wasn’t a threat, showing it wasn’t a threatening meeting.
 
RALPH          I know you’re trying to challenge this particular point.  It would be wrong of me for both Bronwyn and for ACC and for all those involved for me to talk further about that case.  If I can revert back to context, ACC is a critical part of New Zealand’s infrastructure.  Bronwyn is one of 1.7 million claims last year.  If you think about the context, the amount of support we provide in New Zealand, let me just give you a short example.  For example, seriously injured people, ACC managed 12,000 seriously injured people in New Zealand, of which 5000 of those are very very seriously injured.
 
PAUL             Mm-hm.         
 
RALPH          They’re with us for decades.  Their relationships we’re going to have for 20, 30, 40 years because we help them return to independence and return to some sort of vocational guidance if they can or social independence. 
           
PAUL             Yeah, the point I’m trying to make is you say you’ve got 1.7 million clients, and I’m sure most of those are very well served and appreciative of the care and service they get from ACC.  But the Minister, your minister, said a month ago that ACC needs to rebuild the public trust, and I’m simply wondering how turning the cops on Bronwyn Pullar is helping you with that.
 
RALPH          In terms of public trust and confidence, I believe that ACC has it.  I believe the good work that ACC does in the community every single day from injury prevention, to providing rehabilitation services, to helping seriously injured people—
 
PAUL             No, you’re missing my point, Ralph, which is that how does turning the headlights of ACC on one little person help restore the trust and the confidence of the people in New Zealand in ACC?
 
RALPH          Because I really do believe – and I can’t go too far, Paul;  I know where you’re trying to go with this – is trust and confidence comes from two aspects.  One is what we do for people who are injured in New Zealand.  The second piece is how we manage New Zealand money in terms of the revenue collected and the levies paid.  It’s important to manage both sides.
 
PAUL             Yes.  Of course, the other side to manage also is 6500 bits of private information that went out to Bronwyn Pullar, but let’s move on.  We had another leak found this week – details of a hundred clients sent to the wrong person.  You have apologised for this happening, but you did say if TVNZ had not discovered it, you would have shut up about it.  Do you regret that?
 
RALPH          What I— That was a piece of— Let me explain to you.  What I said was that there is a process to follow, and it’s a three-step process.  Under the act, the Privacy Act, there is a definition or a criteria for a breach.  So when there’s a breach that occurs, the first thing we do, whether it’s in the criteria or outside of the criteria, is contact the people involved.  That is the first step.  The second step is if the breach is material enough, we advise the Office of the Privacy Commissioner.  And third, if there’s any need for media, it might come then, but it’s certainly a long third.
 
PAUL             Well, you see, you’ve got the media involved anyway, because breach after breach appears to be happening, and it’s a magntitude.  And you made it clear that if TVNZ had not come to you, you would not have gone public about it.  Was that wise?  And do you regret that?
                       
RALPH          Paul, can I answer the question I was asked—?
           
PAUL             I understand you have process, but you’ve got a media game happening here.
 
RALPH          I was asked is the first port of call to advise this to the media?  It is not.  The first port of call, the first responsibility is to our clients.
 
PAUL             Would you ever have gone to the media about it after you’d been through your processes?
 
RALPH          There is an established process for the media and for the public at large—
 
PAUL             Would you have owned up publicly?
 
RALPH          If you let me explain, Paul, as I just mentioned, through the Office of the Privacy Commissioner, they collect statistics about breaches.  They collect statistics about ACC breaches.  And if you look at last year’s annual report, you can identify the number of breaches that occurred for ACC.
 
PAUL             All right, now, have you got your provisions – privacy provisions – and protocols in order.  Again, Collins wants you to do that.  Have you done that?  Is that your three-stage that you’re doing?          
RALPH          It is.  We’re in the process of doing it.
           
PAUL             You’ve now got— I wonder about you coming from the private sector across to the government – the public sector.  You’ve now got a police inquiry, the Auditor General inquiry and the Privacy Commissioner breathing down your neck.  Is that comfortable or uncomfortable?
 
RALPH          (laughs)
 
PAUL             Enjoying that?
 
RALPH          It’s very hard to say it’s comfortable.  It’s not.
 
PAUL             No.  The Privacy Commissioner, Marie Shroff, she wants the powers to come in and fix your privacy issues.  Would you welcome that?
 
RALPH          We’ve been working with Marie and the OPC for years.  This is nothing new.  We’ve had a strong relationship with the OPC.  In fact, if you look at some of the publications in the past from the OPC, you’ll note that they quote the ACC privacy approach as being of a good standard
 
PAUL             So should Marie butt out?
 
RALPH          Marie has a job to do under legislation.  It’s important that she fulfils it for trust and confidence in New Zealand.
 
PAUL             Would you invite her in to have a look at your big problem and to fix it?  Or would you like her to not do that?
                       
RALPH          We absolutely welcome Marie’s involvement.  And if I can just bring you back to the first point I raised, which is the first review that we’re doing, the internal system and processes review, that’s done in conjunction with Marie and her team.
 
PAUL             So when are we going to get to a point where there’s no more breaches?
 
RALPH          Oh, I wish it was tomorrow. I know it won’t be.  The key thing is to declare for ACC that no breaches is our objective.
 
PAUL             It’s amazing, isn’t it?  It’s incompetent, isn’t it?  
                       
RALPH          Well, I think, again if I can bring it back to the absolute scale—
                       
PAUL             I’m sorry, it doesn’t happen in Work and Income.  I haven’t heard anything about anybody in a letter from the Education Department.  Do you know what I mean?
 
RALPH          I do.  I understand that the emphasis is on us now.
 
PAUL             And you’re dealing with people with personal injuries and all kinds of personal things, and you’re flapping them around all round the country.
                       
RALPH          The point is we’re dealing with 1.7 million claims plus existing customers every year.  That’s the most important thing.  Yes, some breaches have occurred, but relatively speaking, I’ll just bring you back.  Say there were 10 or 20 or 30 or 40 breaches – I’m not saying there are, but say there was – in relation to 143,000 claims per month.
                       
PAUL             Yes, no, look, I’m sure that’s a big workload.  130,000 in April alone.  Is ACC going to be accountable?
 
RALPH          ACC is accountable.
 
PAUL             Are you going to be accountable?  Are you accountable?
                       
RALPH          A corporation as large and as complex as ACC must have clear leadership, it must have clear responsibilities and accountabilities, and the buck stops with me.
                       
PAUL             At what point would you fall on the sword?
 
RALPH          ACC is a very complex environment.  We’ve talked about breaches largely this morning, we’ve talked a bit about the scale and scope of ACC, but think about ACC in an absolute term.  We’re talking about $30 billion worth of liabilities, $20 billion worth of assets, $2.6 billion in payments every year to individuals in New Zealand, 1 billion remuneration payments.  It’s a complex organisation.  Yes, I’m responsible for it, but privacy is one part of it.
 
PAUL             I have to leave it there.  Ralph, thank you very much.  Ralph Stewart, chief executive of ACC, thank you very much for coming in.
                       
RALPH          Thanks, Paul.

ENDS