When Ms Pullar met Mr McCliskie in September 2011, the issues that she raised with him were arguably general issues about ACC, rather than (or not only) specific to her claim. However, the matters that ACC investigated because of Ms Pullar’s approach to Mr McCliskie focused on its handling of her claim.
In our view, the matters that Mr McCliskie recorded in his email of 14 September (illegal access to files, incompetent ACC specialists, fraudulent activities by ACC staff) are areas of risk with which a Board should be concerned. That was Mr McCliskie’s original reaction.
We looked for some reporting back to the Board, or to Mr Judge and Mr McCliskie, on the issues raised by Ms Pullar. This included issues raised at her meeting with Mr McCliskie, in her emails to Mr McCliskie of 14 and 15 October, and in the list of 45 issues presented at the 1 December meeting. We did not find any evidence of this.
We have some observations about why ACC might have failed to appreciate the risks arising from the privacy breach and the allegations of systemic wrongdoing.
In this environment of change and transition, Ms Pullar’s allegations, and the privacy breach in particular, were not recognised for the risks they presented. We have no view as to whether Ms Pullar’s wider allegations are in any way justified. We have not inquired into
those matters. However, we consider that accusations of systemic illegality and fraud are issues that any public sector organisation should take seriously.
Both Directors acted unwisely in my opinion, and as the AG noted they failed to seperate out the operational issues raised by Pullar (which were for management) and the more general allegations of wrong-doing, such as privacy breaches.
I can’t do quotes from the Privacy Commissioner report as some idiot has set the pdf, so you can not copy and paste text. Grrr, that pisses me off. Why would you set a public document to not allow copying extracts. Don’t you want the extracts to be accurate rather than retyped?
The overall assessment though was ACC had no strategies in place to properly manage data and privacy, which led to a history of privacy breaches and complaints.
I would note that ACC Minister Judith Collins has already seen a significant personnel change at board level, and instructed ACC to focus on restoring confidence in how it deals with data and privacy.
The response from Judith Collins is above. I think the reports vindicate the decisions she has taken to date.