EQC accidentally leaks details of 8000 claims
The Earthquake Commission (EQC) has accidentally released confidential details of 8000 insurance claims, and admits it may not have contained the privacy breach.
Details of the claims were mistakenly sent last week to one claimant and their lawyer.
EQC chief executive Sid Miller said he was ‘‘embarrassed and frustrated’’ after the leak. ‘‘Unfortunately, a staff member last Thursday failed to follow several key security steps, including well-established password protection of the documents, despite receiving the appropriate training.’’
Miller said they had only intended to send out the individual customer’s information.
EQC ‘‘took all possible steps to rectify the error and contain the information’’ when they learned of the leak, he said.
The lawyer involved has deleted the documents, but they had yet to receive confirmation that the customer had done the same, he said.
‘‘We are also contacting all affected customers to apologise to them and explain the steps we have taken to protect their claims information,’’ Miller said.
EQC has been responsible for a large number of privacy breaches since the Canterbury earthquakes, including accidentally releasing information on 98,000 claims including homeowners’ addresses in one incident in 2013, and admitting hundreds more breaches in subsequent years.
In the 2013 incident, a spreadsheet with claims details was posted online, and EQC spent over $100,000 on legal action trying to keep the information from falling into more hands.
Miller said the latest breach was disappointing after EQC had worked hard to put new systems and security measures in place after a similar earlier incident. ‘‘Whilst it is difficult to protect any organisation from human error, the incident demonstrates that our systems, processes and training still require further tightening.’’
Miller said he had begun a review on the handling of customer information to further reduce the chance of errors, and to ensure staff get more training and follow proper security protocols.