Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Gordon Campbell | Parliament TV | Parliament Today | News Video | Crime | Employers | Housing | Immigration | Legal | Local Govt. | Maori | Welfare | Unions | Youth | Search


Independent Review of ACC Privacy and Information Security

Media Release 23rd August 2012

The Independent Review of ACC Privacy and Security of Information

Independent Review Team

A review of the Privacy and Security of Information at the Accident Compensation Corporation was released by the Office of the Privacy Commissioner and ACC’s Board today following a comprehensive review by an Independent Review Team comprising KPMG and Information Integrity Solutions Pty Limited.

The review examined the circumstances relating to a major data breach involving the inadvertent release of personal details of 6,748 ACC clients, and the appropriateness and effectiveness of ACC’s privacy and security policies and practices.

“Information is arguably the most critical asset in any organisation today. The challenge of protecting personal information has never been greater.” says Malcolm Crompton, former Australian Privacy Commissioner and Managing Director of Information Integrity Solutions Pty Limited. “While ACC has suffered a significant data breach, other organisations, both public and private, could face the same.”

The Independent Review Team concluded that the breach that occurred was a genuine human error, but that such an error was more likely to occur because of systemic weaknesses within ACC’s culture, systems and processes. ACC’s subsequent response process could also have been better if appropriate policies, practices, escalation protocols and the right culture were in place to allow for transparency of breach handling at the appropriate levels, in an appropriate manner.

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

The Recommendations of the Review Team are comprehensive:

• ACC needs to put in place clear policies that create a positive privacy mindset as part of rebuilding customer trust and establishing a ‘firm but also seen as fair’ image in the minds of the public.

• Strengthen Board governance of personal information management.

• Strengthen privacy leadership and strategy.

• Enhance its privacy programme.

• Strengthen the organisational culture.

• Strengthen privacy accountability.

• Review and update business processes and systems.

• Provide additional resources to clear backlogs on privacy related processes.

KPMG Partner Souella Cumming commented that “An organisation’s data needs to be protected by thorough and effective risk mitigation strategies to the same or higher levels as other vital assets. Without these strategies in place, the organisation is at risk of significant reputational damage.”

Malcolm Crompton and Souella Cumming noted “We emphasise the significance of a culture and environment where personal information is valued. This must be supported by an approach to compliance with the privacy principles that is embedded within governance, leadership, business processes and systems.”

This forms the basis of the recommendations in the report of the Independent Review Team.



KPMG is a global network of professional firms providing Audit, Tax and Advisory services. We operate in 146 countries and have 140,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.

Information Integrity Solutions (IIS) is a global consultancy providing services in data protection and information privacy. It is the largest privacy consultancy company in the Asia Pacific region. Malcolm Crompton is Managing Director of IIS and was Privacy Commissioner of Australia between 1999 and 2004.

© Scoop Media

Advertisement - scroll to continue reading
Parliament Headlines | Politics Headlines | Regional Headlines

Gordon Campbell: On National Spreading Panic About The Economy

The lure for New Zealand to join the AUKUS military alliance is that membership of only its “second pillar” will still (supposedly) give us access to state of the art military technologies. As top US official Kurt Campbell said during his visit to Wellington a year ago:
...We've been gratified by how many countries want to join with us to work with cutting-edge technologies like in the cyber arena, hypersonics, you can go down a long list and it's great to hear that New Zealand is interested...


Government: Retiring Chief Of Navy Thanked For His Service

Defence Minister Judith Collins has thanked the Chief of Navy, Rear Admiral David Proctor, for his service as he retires from the Royal New Zealand Navy after 37 years. Rear Admiral Proctor will retire on 16 May to take up an employment opportunity in Australia... More

Labour: Grant Robertson To Retire From Parliament
Labour List MP and former Deputy Prime Minister and Minister of Finance Grant Robertson will retire from Parliament next month, and later in the year take up the position of Vice Chancellor of the University of Otago... More

Government: Humanitarian Support For Gaza & West Bank

Winston Peters has announced NZ is providing a further $5M to respond to the extreme humanitarian need in Gaza and the West Bank. “The impact of the Israel-Hamas conflict on civilians is absolutely appalling," he said... More

Government: New High Court Judge Appointed

Judith Collins has announced the appointment of Wellington Barrister Jason Scott McHerron as a High Court Judge. Justice McHerron graduated from the University of Otago with a BA in English Literature in 1994 and an LLB in 1996... More




InfoPages News Channels


Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.