EQC customer might still hold leaked details
The Earthquake Commission (EQC) says it still doesn’t know whether a customer who received private details of 8000 claims in an accidental leak has deleted them.
A commission staffer inadvertently released confidential details of the claims to the customer and their lawyer on May 21. The botch came to light on May 22 and EQC did not contact affected homeowners until June 4.
Claimants affected have been appalled it took EQC so long to contact them.
The released spreadsheet contained the customer’s claim number, name, address, private insurance company, EQC cap amount, apportionment, and amount paid or estimated.
EQC chief executive Sid Miller said yesterday that the organisation had been working with the lawyer and customer.
‘‘The lawyer has deleted the information but we have been unable to confirm that the customer has done the same.
‘‘We had hoped that our email to the 8000 customers would have been able to confirm that the information has been deleted by the customer involved, but unfortunately we are still not able to confirm that this has happened.
‘‘We are taking advice from the Office of the Privacy Commissioner around our options and continue to pursue the customer involved to get the information deleted. We want to reiterate that they have found themselves involved in this situation through no fault of their own and it would be inappropriate for us to speculate about their involvement.’’
He said EQC decided to inform the public of the breach through a media release on May 26 and then started work to contact the 8000 customers on the list.
‘‘This involved a considerable amount of work to work through the 8000 customers impacted.’’
The work had taken longer than anticipated and, in hindsight, certain steps should have been completed faster to get this email out earlier. ‘‘I want to apologise again to our customers for releasing their information and that we were unable to contact them directly at an earlier stage.’’
An affected claimant who asked not to be named said she was appalled by the time it took EQC to contact the actual customers impacted.
‘‘Over the past fortnight, EQC has not only spoken to media, they have contacted the Privacy Commissioner, the unintended recipients of this information, and correctly taken steps to rectify the situation. I am incredibly disappointed that notifying those of us whose privacy was breached was not higher up their priority list,’’ she said.
The customer said she didn’t want anyone sacked but EQC’s communications issues should have been fixed by now.
Insurance claimant advocate Ali Jones said the claimants she was in contact with were wondering why it had taken EQC so long to make personal apologies to those whose privacy was breached.
In the email this week, Miller apologised to the customers and said the organisation was working with the lawyer and customer to ensure the information was destroyed.
EQC has been responsible for many privacy breaches since the Canterbury earthquakes, including accidentally releasing information on 98,000 claims including homeowners’ addresses in one incident in 2013, and admitting hundreds more breaches in subsequent years.
In the 2013 incident, a spreadsheet with claims details was posted online, and EQC spent more than $100,000 on legal action trying to keep the information from falling into more hands.
Dame Silvia Cartwright’s inquiry into EQC, released last month, described an organisation beset by incompetence, dysfunction and arrogance, and totally unprepared for the earthquakes.