Zurich fined £2.28 million for policy data loss
Tuesday 24 August 2010
Zurich Insurance has been fined a record £2.28 million for losing personal details on 46,000 policyholders, the City watchdog said today.
The Financial Services Authority said the fine, which has been levied on the UK branch of the company, was the highest it had yet imposed for data security failings.
The data loss occurred in August 2008, when the South African branch of the company lost an unencrypted back-up tape during a routine transfer to a data storage centre, but Zurich UK did not learn about the incident until a year later.
The disc contained personal information on general insurance customers, including details of their identity and in some cases bank account and credit card information.
It also had details about the assets people had insured, and the security arrangements they had in place.
The FSA said the loss of the disc could have led to serious financial detriment for customers, as well as exposing them to the risk of being burgled.
But Zurich UK stressed it had seen no evidence that suggested the personal data on the disc had been compromised or misused.
The regulator said Zurich had failed to ensure customer data was secure, following its outsourcing arrangement with the South African arm of the company, which processed some general insurance data on its behalf.
It added that the firm also failed to have controls in place to prevent the lost data being used for financial crime.
Margaret Cole, the FSA's director of enforcement and financial crime, said: "Zurich UK let its customers down badly.
"It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA.
"To make matters worse, Zurich UK was oblivious to the data loss incident until a year later."
She added that Zurich would have been fined £3.25 million for the incident if it had not agreed to settle at an early stage and qualified for the FSA's 30% discount.
Zurich said it regretted the concern the incident had caused its customers, who were informed of the loss in October last year.
Stephen Lewis, chief executive of Zurich UK, said: "This incident was unacceptable. It served to remind us of the need to strive continually to improve the ways in which we seek to protect customers' data."
The group had appointed KPMG to review its data security systems, and it had taken a number of steps to improve them, he added.
"We are appointing a dedicated information security officer to provide ongoing assurance that appropriate measures are in place and that they will continue to be effective.
"We believe our customers can be confident that we are doing everything we can to keep their data secure and protected," he said.
"The FSA has acknowledged that we fully cooperated with its investigation and recognised that we treated the incident with utmost seriousness and have demonstrated a commitment to take the necessary steps to ensure the ongoing security of our customer data."
The FSA has previously fined Nationwide £980,000 for data security failings after a laptop containing customer details was stolen from an employee's home.
Three HSBC firms were fined between £700,000 and £1.6 million each for not properly protecting customers' personal details, while Norwich Union was fined £1.26 million for similar failings which led to a number of its customers being the victims of fraud.
The Microsoft mogul told fans a few home truths during his Reddit AMA
- 1 Woman falls to her death as she celebrates marriage proposal at the edge of Ibiza cliff
- 3 Dad attempts revenge on teenage daughter, plan backfires spectacularly
- 4 Ball pool for adults opens in London
- 5 Amal Clooney gives excellent response to fashion question at European Court of Human Rights
Woman falls to her death as she celebrates marriage proposal at the edge of Ibiza cliff
Boris Johnson claims porn-obsessed Islamic jihadists are 'literally w*****s'
Saudi preacher who 'raped and tortured' his five -year-old daughter to death is released after paying 'blood money'
Ball pool for adults opens in London
Amal Clooney gives excellent response to fashion question at European Court of Human Rights
9 reasons Greece's experiment with the radical left is doomed to failure
'We would evict Queen from Buckingham Palace and allocate her council house,' say Greens
Have we reached 'peak food'? Shortages loom as global production rates slow
Greece elections: Syriza and EU on collision course after election win for left-wing party
British grandmother Lindsay Sandiford faces execution by firing squad in Indonesia
Liberal Democrat minister defends comments suggesting immigration causes pub closures
iJobs Money & Business
£40000 - £50000 per annum: Recruitment Genius: This is an exciting opportunity...
£30000 - £35000 per annum + Benefits: Ashdown Group: Marketing Manager - Marke...
£13000 per annum: Recruitment Genius: This Pension Specialist was established ...
£23000 - £26000 per annum + Benefits: Ashdown Group: Market Research Executive...