This is an HTML version of an attachment to the Official Information request 'ACC Staff Accessing Claimants files Without Proper Authority or Reason and Process in which the ACC Investigate such Allegations and Time Frames'.



Conduct Claims Access Monitoring Check [ Historical ] v0.60
Summary
Objective
Perform an Access Monitoring Check as part of 
 
ACC's commitment to ensuring client personal information is only accessed for 
appropriate reasons.
Background
We consider ourselves to be kaitiaki (guardians) of any personal information we receive. It is our responsibility to treat personal infor-
mation as a taonga – to care for and use it only for its intended purposes. Respecting the personal information and privacy of ACC’s 
clients, staff, and stakeholders is a core value and behaviour required of all ACC people.
To ensure we meet these responsibilities for our clients, we regularly monitor how our people are accessing client’s personal infor-
mation through our claims management systems. This will provide assurance that staff behaviour in managing personal information is 
meeting our high expectations and any instances of concern are followed up on.
Owner
Out of scope
Expert
Out of scope
Procedure
1.0 Select teams ready for Access Monitoring Check
Technical Manager
In Team Selection tool, refresh data to confirm six team names for access check.
NOTE Teams are selected at least two weeks prior to the beginning of the month during which the checks are to be 
performed.
NOTE What if Workforce Planning determine that capacity issues require a reduction in teams selected for a month?
In these scenarios Workforce Planning can reduce selection down to a minimum of four teams.
Notify the relevant Workforce Planner to notify the selected team/s.
2.0 Notify team that they have been selected for an Access Monitoring Check
Workforce Planner
Copy the Access Monitoring Notification into the Workplan.
Access Monitoring Notification
Send to the selected teams that will need to perform Access Monitoring Checks.
NOTE How are selected Teams notified?
Access Monitoring Check notifications are delivered to teams via their preferred method of delivering workplans and 
updates to teams.
This may vary across different functions.
NOTE How far in advance do selected teams need to be notified?
Teams must be notified two weeks prior to the beginning of month in which they are required to perform the checks.
3.0 Prepare for Access Monitoring Check
Team Leader
Review the Client Information Access Review Tool to ensure it includes all team members in the team, and that their access 
information is recorded in the tool.
Client Information Access Review Tool
Leader Instructions for Access Monitoring Tools
NOTE What if you have a team member who does not have any access information in the Client Information Access 
Review Tool?
These team members can be excluded from the checks.
Schedule a suitable time with each team member to complete the Access Monitoring Check together.
NOTE Can you use an existing coaching time?
You may want to complete the check as part of existing coaching conversations you have in place with your staff 
member (ie CXQ conversation).
ACC > Risk Management > Risk and Control Processes  > Conduct Claims Access Monitoring Check
Uncontrolled Copy Only : Version 0.60 : Last Edited Tuesday, November 1, 2022 4:16 PM : Printed Wednesday, 7 December 2022 2:34 PM
Page 2 of 3

NOTE How long do you need to perform the checks?
The checks should take appropriately 15 minutes to complete per team member but could take longer depending on 
the quantity and complexity of access information to review.
4.0 Perform Access Monitoring Check
Team Leader
Meet with your team member at the scheduled time.
 
Talk your team member through the objective and process of the Access Monitoring Check.
Review and discuss the information presented for each claim in the Client Information Access Review Tool with your team 
member, assessing them against the Access Monitoring Criteria.
Access Monitoring Criteria
NOTE What if there are multiple actions on a claim within a session?
Review all activity as a collective set of actions leading to an outcome. The question needing to be answered in these 
situations was whether the access to the claim was a for valid reason.
NOTE What if a claim has been accessed in more than one session during the time period captured in the Access 
Report?
Complete a separate check for each session.
Record the findings of each claim access using the Client Information Access Validation Tool.
Client Information Access Validation Tool
Leader Instructions for Access Monitoring Tools
NOTE What if a check has resulted in a Low Assurance rating?
This does not mean that access to the claim was inappropriate, just that we cannot provide clear evidence backing up 
a valid business reason for access using our current systems and tools. Depending on the reason for assigning a Low 
Assurance rating you may also want to take additional steps or actions to work with the Team Member to fill know-
ledge gaps or reinforce best practice behaviors.
NOTE What if you have concerns about access to a claim?
This does not automatically mean that access to the claim was inappropriate, but that the access is currently unex-
plained and requires further validation due to a concern raised during the check. Proceed to 'Assess Claims Access 
Concerns'
PROCESS Assess Claims Access Concerns
ACC > Risk Management > Risk and Control Processes  > Conduct Claims Access Monitoring Check
Uncontrolled Copy Only : Version 0.60 : Last Edited Tuesday, November 1, 2022 4:16 PM : Printed Wednesday, 7 December 2022 2:34 PM
Page 3 of 3




Assess Claims Access Concerns [ Historical ] v0.50
Summary
Objective
Assess claims access concerns raised during 
 
Access Monitoring Checks and determine whether a referral to Integrity Services or 
Employment Relations is required.
Background
If an Access Monitoring Check finds concerns around access to a claim there is a need to further assess this access and make a 
determination as to whether a referral to Integrity Services or Employment Relations is required.
Owner
Out of scope
Expert
Out of scope
Procedure
PROCESS
Conduct Claims Access Monitoring Check
Team Leader

1.0 Assess access concern with the team member
Team Leader
Ask the team member to explain why they accessed the claim in an instance where you have identified a concern.
NOTE How should you ask the team member to explain their reasons for access?
The purpose of this conversation is to understand the staff members version of events.
This must be asked in a non-confrontational and non-judgmental way, and should be an exploratory conversation in 
nature. There are many valid reasons why a team member may have accessed a claim, even if it cannot be evidenced 
with the systems and processes in place.
Capture your findings in the Client Information Access Validation Tool.
Client Information Access Validation Tool
Leader Instructions for Access Monitoring Tools
Determine if the reasons provided by the team member are valid or not.
NOTE How do you make this determination?
Refer to Claims Access Criteria.
You must also exercise your judgement if the reasons provided are valid or not valid or you have ongoing concerns 
about the reasons for access.
As a Team Leader who has high visibility of the workloads, work types, relevant processes, experience, expertise, and 
other attributes of the team environment, you must make a reasonable and fair assessment based on the explanation 
provided by the staff member, taking into account the factors listed above or any other evidence that is available.
Access Monitoring Criteria
NOTE What if you decide that the reasons provided are valid and so a referral is not required?
You may also want to take action to address knowledge gaps or reinforce best practice.
This process ends.
NOTE What additional kinds of information could be used to help make a determination?
• Access to Integrity Services advice and guidance to enable additional self-powered validation.
• Access to peer reviews by suitably qualified practitioners to verify the reasons
• Request additional footprint reporting to establish a wider data set that may be indicative of
access trends.
• Benchmarking against similar roles or functions to establish normalised access behaviour.
2.0 Determine where to direct referral
Team Leader
Discuss your findings with your Line Manager and together and confirm that a referral is required.
NOTE What if you decide that the reasons provided are valid and so a referral is not required?
You may also want to take action to address knowledge gaps or reinforce best practice.
This process ends.
ACC > Risk Management > Risk and Control Processes  > Assess Claims Access Concerns
Uncontrolled Copy Only : Version 0.50 : Last Edited Tuesday, November 1, 2022 4:15 PM : Printed Sunday, 11 December 2022 8:46 PM
Page 2 of 3

Determine whether the referral should be directed to Integrity Services or to Employment Relations.
NOTE When should you direct the referral to Integrity Services?
A referral should be made to Integrity Services where the access concern identified requires additional specialised 
assessment.
NOTE When should you direct the referral to Employment Relations?
A referral should be made direct to Employment Relations only in situations where there is clear evidence of deliberate 
inappropriate access by the team member, or where the team member has made a direct admission of deliberate 
  inappropriate access.
3.0 Refer to Integrity Services
Team Leader
Draft a referral email to Integrity Services using the subject heading 'Access Monitoring IS Support'.
NOTE What information do you need to include in the referral email?
• The team members name and role
• Access points that cause concern
• Details of additional validation steps completed and the results
• Why concerns persist
• Any conflicting or unusual explanations for the access
• Details of discussion held with you Line Manager, including rationale for referral.
Send the referral to Integrity Services via the email address [email address].
3.1 Refer to Employment Relations
Team Leader
Draft a referral email to HR Help using the subject heading 'ER Support'.
NOTE What information do you need to include in the referral email?
• The team members name and role
• Access points that cause concern
• Details of additional validation steps completed and the results
• Why concerns persist
• Any conflicting or unusual explanations for the access
• Details of discussion held with you Line Manager, including rationale for referral.
Send the referral to Employment Relations via the email address [email address].
4.0 Action Outcome of Referral
Team Leader
Receive outcome of the assessment from Integrity Services or Employment Relations.
Action any activities as required, including changing the Assurance rating assigned in the Client Information Access Validation 
Tool if instructed.
ACC > Risk Management > Risk and Control Processes  > Assess Claims Access Concerns
Uncontrolled Copy Only : Version 0.50 : Last Edited Tuesday, November 1, 2022 4:15 PM : Printed Sunday, 11 December 2022 8:46 PM
Page 3 of 3




Complete Digital Footprint Request v9.0
Summary
Objective
To resolve clients concerns about how their personal inf
 
ormation has been accessed in ACC systems by providing them with a digital 
footprint report or access log information in a timely manner.
Background
ACC staff access claim file or party record information when providing services to clients to help them recover from an injury. This 
access is recorded in the claim system as ‘digital footprint’ logs, which details what information has been accessed, when and by 
whom.
When a client wants information about how their claim has been accessed, we can produce a digital footprint report. This report pro-
vides an overview of claim access, including the total amount of access for the life of the claim, the number of individual staff who 
have accessed the claim, as well as a breakdown of access by staff role, staff location, by month/year, and the type of information ac-
cessed (eg task, contact, document).
After reviewing the digital footprint report, a client may sometimes require more detailed access information to address a specific con-
cern. In these situations, we can search for the specific access log information the client requires, and if the information is recorded in 
our systems, download the logs, and send them to the client.
Claim access details is personal information about our clients and is readily retrievable by ACC, so people have a right to request this 
information from us under the Privacy Act 2020.
Owner
Out of scope
Expert
Out of scope
Procedure
1.0 Receive and discuss request
Customer Experience Representative, Recovery Team Member, Resolution Specialist
Determine that the request is for information about how their claim has been accessed by ACC staff.
NOTE This may be requested using different terminology such as access report, digital footprint, or simply as a re-
quest for a record of who has accessed their claim file.
NOTE What if the task is regarding a Remote Claims Unit client?
Send the request to the RCU ([email address]).
The RCU will manage all contact with the client. If a client requires digital footprint information they will be provided 
with the logs for the period of concern without staff names or locations. The task to produce the logs will clearly state 
‘RCU’ and the information will be sent following the RCU dispatch procedures.
Ask the client for their reasons for making the request to help understand what information they require.
NOTE What if the client is concerned about an individual staff member accessing their information outside of what 
would be expected in their role?
Concerns of this nature (eg where the client has a personal connection with the staff member) need to be resolved by 
the Customer Resolution Team.
Transfer the call to 0800 650 222 or create a 'Call back request' task outlining the details of the concern and allocate it 
to the 'Customerresolution' queue.
The Resolution Specialist will view the client's claim access information by reviewing the information in the Digital 
Footprint Report Tool or Digital Footprint Logs Tool, and discuss the concern with the client.
If the client requires a copy of their digital footprint report and/or detailed logs, they will request a copy is sent to the 
client by following step 2.0 below.
Explain to the client what information is provided in a Digital Footprint Report.
NOTE What if you have received the request in the Contact Centre?
Follow the instructions in The Vault to produce the client’s digital footprint report for the claim they are interested in 
and discuss the access information with the client. If the client requires a copy of the report, or requires specific 
access log information, continue with the steps in this process.
ACC > Claims Management > Manage Client Information > Manage Information Requests > Complete Digital Footprint Request
Uncontrolled Copy Only : Version 9.0 : Last Edited Friday, 7 October 2022 4:45 PM : Printed Tuesday, 6 December 2022 1:04 PM
Page 2 of 4

NOTE What information is in a Digital Footprint Report?
The report provides an overview of staff access to a specific claim. The report will show the number of individual staff 
who have accessed the claim, as well as the number of claim views:
• in total
• per calendar year
• by staff location
• by staff job title.
  The report also provides details of about what parts of the claim have been accessed by staff since the system started 
recording this information on 29 July 2022 (eg tasks, contacts and documents).
The access details table in the report shows a further breakdown of this access by staff over recent months and pre-
vious years.
Please note: Staff Role titles did not lock prior to 29 July 2022. This means the role recorded may reflect the most 
recent role the team member held when this report was created, rather than the role held at the time the claim was ac-
cessed.
For more information see 'Digital Footprint Report Example' and 'Understanding your Digital Footprint Report’
Digital Footprint Report Example
Understanding your digital footprint report
NOTE What if the client requires more detailed information about who has accessed their claim and which parts 
have been accessed?
You will need to request the detailed access logs related to the period of concern. Ask the client to confirm the specific 
information they require, including:
• claim number
• access date/period, and/or
• the type of information that may have been accessed.
Digital Footprint Logs Example
NOTE What if the client requires a copy of their claim or specific claim documents?
Go to the Complete Client Information Requests process and follow the instructions for providing the client with the 
information.
PROCESS Complete Client Information Requests
Explain to the client that the preferred channel for providing the information is by their verified email address.
NOTE What if the client would prefer their information to be provided via another method?
Inform the client that providing the information by other channels will likely take longer than providing it by email. Dis-
cuss the options available in the Confirming Requirements for Client Information Requests guideline.
Confirming requirements for client information requests
Inform the client that we aim to provide the information as quickly as possible, but within the 20-working day timeframe for pro-
viding personal information under the Privacy Act 2020.
2.0 Request digital footprint report and/or detailed logs
Customer Experience Representative, Recovery Team Member, Resolution Specialist
In Eos, create a 'Complete Request for Copy of Clients Information' task and add the digital footprint information requested in 
the Task Description box.
NOTE What must be captured in the task?
• In description field, state one of the following:
• Digital Footprint Report
• Digital Footprint Logs
• Digital Footprint Report and Logs
• Claim number(s)
• Date request was made
• Method of delivery eg email, mail, USB etc (emailed to a verified email address is the default method)
If detailed logs have been requested, also state:
• the access date/period of interest and/or
• the information that may have been accessed.
Assign the task to the 'Client Information Request' Eos queue.
ACC > Claims Management > Manage Client Information > Manage Information Requests > Complete Digital Footprint Request
Uncontrolled Copy Only : Version 9.0 : Last Edited Friday, 7 October 2022 4:45 PM : Printed Tuesday, 6 December 2022 1:04 PM
Page 3 of 4

3.0 Receive and allocate report or log request
Recovery Administrator - Client Information Request
In the Client Information Request queue, open the task, review the description, and determine the type of information required.
Allocate the task to the appropriate team member assigned to this work.
4.0 Produce digital footprint reports or logs
 
Recovery Administrator - Client Information Request
Identify whether the client requires a digital footprint report , digital footprint logs, or both.
Open the appropriate Digital Footprint (PDF version) Tool.
Digital Footprint Report (PDF Version) Tool
https://app.powerbi.com/groups/d511fa9d-9192-4c4d-a362-c57d031117ec/rdlreports/2c0792a7-e275-4cef-ac1d-9c25db36a
Digital Footprint Logs (PDF Version) Tool
https://app.powerbi.com/groups/d511fa9d-9192-4c4d-a362-c57d031117ec/rdlreports/94e1409d-0307-4ce6-8d14-51abc0c5
Digital Footprint Report Tool
https://app.powerbi.com/groups/d511fa9d-9192-4c4d-a362-c57d031117ec/reports/142bb72b-de93-4eed-bede-e3189010c3
Digital Footprint Logs Tool
https://app.powerbi.com/groups/d511fa9d-9192-4c4d-a362-c57d031117ec/reports/1c209d14-dd2a-425c-96e1-f23a929a4cc
Follow the system steps for the appropriate tool to produce the information based on the client's requirements.
NOTE What if the request is from a RCU client?
Digital Footprint Reports should NOT be provided to RCU clients as it includes location information.
RCU clients can be provided with Digital Footprint Logs for the period they are concerned about, however Staff Name 
and Staff Location are NOT to be included.
NOTE What if the claim search failed to return any results?
This means that prior to the current day, the claim has not been accessed within the current year, or the previous two 
calendar years. However, if the claim has been accessed today to resolve the customers query, a digital footprint 
report would be available tomorrow (after the daily log data has been refreshed).
Digital Footprint Report (PDF Version) System Steps
Digital Footprint Logs (PDF Version) System Steps
Save the document into the CIR working folder.
NOTE What do you name the document?
Name the document '[claim number][client's name] - digital footprint report' or '[claim number][client's name] - digital 
footprint logs'
Upload a copy of the document to the client’s claim
5.0 Complete outbound checks and send
Recovery Administrator - Client Information Request
Check the task to determine how the client would like to receive their report.
Produce the INP05a Digital Footprint Request - provide info letter and 'Understanding your digital footprint report' guide and 
collate with the client's digital footprint information.
INP05a Digital Footprint Request - provide info
Understanding your digital footprint report
Follow the CIR Map to complete the privacy check dispatch procedures and final administration of the task.
NOTE What if the information is being emailed to the client?
Ensure the report or log information is password protected and the client is informed.
ACC > Claims Management > Manage Client Information > Manage Information Requests > Complete Digital Footprint Request
Uncontrolled Copy Only : Version 9.0 : Last Edited Friday, 7 October 2022 4:45 PM : Printed Tuesday, 6 December 2022 1:04 PM
Page 4 of 4



June 2025 
14 June 2022 
4.1 
Allegations  of  misconduct  or  serious  misconduct  will  be  dealt  with  in  a  procedurally  fair 
manner. 
 
4.2 
There  may  be  events  or  situations  where  an  investigation  into  the  employee’s  conduct  is 
warranted. The potential outcome of such an investigation could include disciplinary action. 
4.3 
ACC will determine the process for conducting disciplinary investigations on a case-by-case 
basis. Investigations will be full and fair and compliant with natural justice. 
4.4 
Employees have the right to request assistance or support from representatives, including 
their union, at any stage of the disciplinary process. 
4.5 
Matters of concern will be discussed with employees in a clear and timely manner, giving the 
employee a reasonable opportunity to explain or respond. 
4.6 
ACC will genuinely consider any explanation provided by the employee before making any 
decision or taking any disciplinary action. 
4.7 
Employees are entitled to all the relevant information that ACC uses to make any decision. 
4.8 
Support is available to all employees through the Employee Assistance Programme (EAP).  
4.9 
The action taken in any case will depend on the circumstances, including the seriousness of 
the substantiated conduct and could include written warnings or dismissal (with or without 
notice). Previously issued warnings may be taken into account in determining the appropriate 
outcome.  
4.10  Disciplinary processes are managed confidentially. 
4.11  The process and its outcome will generally be recorded in writing, with copies provided to the 
individual and placed on their personal file.  
4.12  Warnings will specify the misconduct so the employee understands what corrective action is 
needed.   
5  Accountabilities 
The Deputy Chief Executive People and Culture is responsible for ensuring organisational controls 
are in place in support of this policy. 
 
 
 
 
 
Accident Compensation Corporation 
Page 2 of 6 


 


 


 

June 2025 
14 June 2022 
12 Version control 
Version 
Date 
Change reason 
Who 
1.0 
21.12.17 
Updated existing policy into new template 
Out of scope
 
2.0 
23.08.18 
Slight changes following feedback from Out of scope  
Out of scope
 
3.0 
19.09.18 
Changes  following  feedback  from  the  working  Out of scope
 
group 
4.0 
20.09.18 
Added  monitoring  and  oversight  section.  Added  Out of scope
 
responsibilities  for  senior  managers  and  Talent. 
Reworded policy statement. Included right to EAP 
support as a standard. 
5.0 
25.09.18 
Updated to Disciplinary policy, removing dismissal  Out of scope
 
and adding Investigator to responsibilities. 
6.0 
28.09.18 
Updated following working group 
Out of scope
 
7.0 
03.09.18 
Added  4.9  Disciplinary  processes  are  managed  Out of scope
 
confidentially 
8.0 
04.03.22 
Reviewed  as  part  of  review  cycle  and  updated  to  Out of scope
 
reflect  change  in owner  and  following  consultation 
with Risk and Compliance Policy working group. 
Out of scope
 
Disciplinary procedure updated. 
Out of scope
 
8.0 
14.06.22 
Approved  by  Out of scope  
  Deputy  Chief 
Executive, People and Culture 
Accident Compensation Corporation 
Page 6 of 6 

Document Outline