Zurich Insurance fined £2.3m over customers' data loss

USB memory stick Zurich Insurance says its loss of customer information was "unacceptable"

Related Stories

The UK operation of Zurich Insurance has been fined £2.27m by the Financial Services Authority (FSA) for losing personal details of 46,000 customers.

It is the highest fine levied on a single firm for data security failings.

Margaret Cole, the FSA's director of enforcement and financial crime, said: "Zurich UK let its customers down badly."

Stephen Lewis, chief executive of Zurich UK, said: "This incident was unacceptable."

Start Quote

Firms across the financial sector would do well to look at the details of this case ”

End Quote Margaret Cole FSA director of enforcement

The data on policyholders, including in some cases bank account and credit card information, went missing in August 2008.

However, Zurich did not become aware of the loss until a year later, when it then began notifying customers.

The information went missing during a routine transfer to a data storage centre in South Africa.

'Oblivious'

The FSA said in a statement: "Zurich UK failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement.

"The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime."

Margaret Cole added that Zurich "failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA".

"To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.

Start Quote

What this fine should do is drive the issue [of data loss] up the agenda”

End Quote Rupert Casey Macfarlanes law firm

"Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made," she said.

Zurich said that it had no evidence the data had been misused. The firm said it had introduced new security measures, and had appointed a dedicated information security officer.

Mr Lewis said that the incident "served to remind us of the need to strive continually to improve the ways in which we seek to protect customers' data".

As Zurich agreed to settle at an early stage of the investigation the firm's fine was reduced by 30%. Without this discount the fine would have been £3.25m.

Encryption

Experts said the size of the fine sends a signal that the authorities will crack down hard on data loss.

Rupert Casey, partner at Macfarlanes law firm, said companies and organisations had previously failed to take data loss seriously.

"That stemmed from the fact that data protection law never had any bite to it. That has all changed.

"What this fine should do is drive the issue up the agenda," he said.

Better encryption of data, password protection, and measures to ensure large files cannot be downloaded to devices like memory sticks must all be improved, he said.

The FSA has previously fined HSBC, Nationwide and Norwich Union for data loss.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Business stories

RSS

Features

  • Alana Saarinen at pianoMum, Dad and Mum

    The girl with three biological parents


  • Polish and British flags alongside British roadsideWar debt

    Does the UK still feel a sense of obligation towards Poles?


  • Islamic State fighters parade in Raqqa, Syria (30 June 2014)Who backs IS?

    Where Islamic State finds support to become a formidable force


  • Bride and groom-to-be photographed underwaterWetted bliss

    Chinese couples told to smile, but please hold your breath


  • A ship is dismantled for scrap in the port city of Chittagong, BangladeshDangerous work

    Bangladesh's ship breakers face economic challenge


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.