rebuilding trust and confidence: acc’s privacy journey opc technology and privacy forum, 20...
TRANSCRIPT
Rebuilding trust and confidence: ACC’s privacy journey
OPC Technology and Privacy Forum, 20 February 2014Paul Holmes and Fiona Colman, ACC
Contents
– About ACC
– Privacy at ACC
– Then– Now– Future
About ACC
About ACC
– Comprehensive, no-fault personal injury cover for all New Zealand residents and visitors to New Zealand
– Governed by the Accident Compensation Act 2001
– Funded by New Zealanders through five accounts
Every day…
letters sent
claims processed
calls answered
25,000 7,000 24,000
*Correct as at May 2013
Claims volumes
4.4m
1.7m
1 EVERY
seconds
CLAIMSPER YR
*Correct as at May 2013
Privacy at ACC
March 2012
August 2012
Structural changes
•Privacy Group – BAU, full time Privacy Officer
•Project team – progress Independent Review recommendations
•Taskforce – targeted breach reduction
•Customer Information Teams – pre-release file checking
Mechanical changes
•ACC-specific breach definition
•Organisation-wide reporting process established
•Breach root cause analysis
•Breach management process
•Training for all staff
Establishing accountability
ACC Privacy Strategy sets accountability for privacy with:
•ACC Board
•Executive
•Managers
•Staff
ACC privacy now
•Positive feedback
•Reduced complaints about privacy
•Many Review recommendations actioned
•Privacy by Design, through PIAs
•International/national networks
•Advisor to other agencies
•Third party accountability
•Breach numbers reduced
•Reporting tool operating
•Heightened staff awareness of privacy
•Breach simulation and incident response team
Lessons learned
Communicate
Plan
Co-ordinate
Challenges for the future
•Keeping up momentum
•Embedding good practice, especially for new staff
•Looking wider than ‘Disclosure’
Questions
Web addresses
www.acc.co.nz to access:
Independent Review http://www.acc.co.nz/about-acc/overview-of-acc/acc-and-your-personal-information/index.htm
– ACC’s privacy notice and privacy policy http://www.acc.co.nz/privacy/index.htm?ref=footer
– ACC’s privacy strategy http://www.acc.co.nz/privacy/privacy-notice/WPC120320
Contact us: [email protected]
Thanks