Zurich in security pledge after data breach

Zurich Insurance agreed to improve its information security today after it lost a tape containing the personal details of 46,000 of its customers.

The Information Commissioner's Office said it had found Zurich Insurance in breach of the Data Protection Act over the loss.

The incident occurred in South Africa nearly two years ago, when the group's sister company, Zurich Insurance Company South Africa, lost the back-up disc during a routine transfer to a data storage centre.

The disc, which also contained personal details of 1,800 third parties, was lost on August 11 2008, but the sister company did not inform Zurich Insurance about it for more than a year.

The group said last year that it had no evidence that the data had been misused, but it has written to all its customers whose details were on the tape advising them to take precautions.

Stephen Lewis, UK branch manager of Zurich Insurance, has now signed an undertaking to ensure that any back-up tapes that are moved in future are secure, including encrypting the data where this is appropriate.

The group has also committed to put controls in place to monitor and promptly report any data losses.

Staff and external contractors will also be made fully aware of the group's security procedures.

Sally-Anne Poole, head of enforcement and investigations at the ICO, said: "It is vital that organisations ensure effective safeguards are in place to protect personal information.

"Failure to adequately protect personal details could lead to information falling into the wrong hands and ultimately the loss of customers' trust and confidence.

"I am pleased to see that Zurich Insurance plc has taken remedial steps to ensure individuals' personal details are protected in future."