The UK division of Zurich Insurance was fined £2,275,000 by the Financial Services Authority (FSA) for failing to prevent the loss of customers' personal information. This is the largest fine ever levied on a single firm for data security failings in the UK.
The fine is the result of Zurich Insurance losing 46,000 customers' personal details, including identity details and some bank / credit card information, in 2008. The company lost an unencrypted back-up tape during a transfer to a data storage centre. The loss, however, was not noticed for a year, as no reporting lines were in place to catch the incident. There has, as yet, been no information to suggest the data was compromised or misused.
Margaret Cole, the FSA’s director of enforcement and financial crime, commented:
"Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.
"Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made."
Zurich UK agreed to settle the case. The £2,275,000 fine reflects a 30% discount off the original fine.
Via The Guardian