£2.3m fine for loss of details
The UK arm of Zurich Insurance, which employs 400 people in Swindon, has been fined £2.3 million by the Financial Services Authority (FSA) after it lost the confidential details of 46,000 customers.
The fine, the highest levied to date on a single firm for data security failings, was subject to a 30 per cent discount after Zurich UK agreed to settle at an early stage of the investigation.
The FSA said the loss, which included customers’ identity details, and in some cases bank account and credit card information, could have led to serious financial detriment for policyholders and may have exposed them to burglary risk.
In a similar incident in 2007, Swindon-based Nationwide was fined £980,000 by the FSA after a laptop containing confidential information was stolen from an employee’s home.
Stephen Lewis, chief executive of Zurich UK, said: “This incident was unacceptable. It served to remind us of the need to strive continually to improve the ways in which we seek to protect customers’ data.”
The information went missing when Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited (Zurich SA).
Zurich SA lost an unencrypted back-up tape in August 2008 during a routine transfer to a data storage centre, but a lack of communication lines meant Zurich UK remained unaware of the incident until 2009. Zurich UK has seen no evidence to suggest that the personal data was misused.
Margaret Cole, the FSA’s director of enforcement and financial crime, said: “Zurich UK let its customers down badly.
“It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA.
“To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.”
A statement from the FSA said the firm failed to take reasonable care to ensure it had effective systems for managing the risks relating to data security.
Mr Lewis said: “We believe our customers can be confident that we are doing everything we can to keep their data secure and protected.
“The FSA has acknowledged that we fully cooperated with its investigation and recognised that we treated the incident with utmost seriousness and have demonstrated a commitment to take the necessary steps to ensure the on-going security of our customer data.”
Rob Harman, a partner in top Swindon accountants with Morris Owen, said: “While not all businesses can expect to receive a fine as large as Zurich did there can be little question that any business handling personal data cannot afford to ignore this.”
This article originally appeared in the Swindon Advertiser on the 25 August 2010
Return to Morris Owen News menu