Zurich fined record £2.28m for losing customers' data.
ZURICH INSURANCE has been fined a record £2.28m for losing personal details on 46,000 policyholders, the City watchdog said yesterday.
The Financial Services Authority said the fine, which has been levied on the UK branch of the company, was the highest it had yet imposed for data security failings.
The data loss occurred in August 2008, when the South African branch of the company lost an unencrypted back-up tape during a routine transfer to a data storage centre, but Zurich UK did not learn about the incident until a year later.
The disc contained personal information on general insurance customers, including details of their identity and in some cases bank account and credit card information. It also had details about the assets people had insured, and the security arrangements they had in place.
The FSA said the loss of the disc could have led to serious financial detriment for customers, as well as exposing them to the risk of being burgled. But Zurich UK stressed it had seen no evidence that suggested the personal data on the disc had been compromised or misused.
The regulator said Zurich had failed to ensure customer data was secure, following its outsourcing arrangement with the South African arm of the company, which processed some general insurance data on its behalf. It added that the firm also failed to have controls in place to prevent the lost data being used for financial crime.
Margaret Cole, the FSA's director of enforcement and financial crime, said: "Zurich UK let its customers down badly.
"It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later."
She said Zurich would have been fined £3.25m for the incident if it had not agreed to settle at an early stage and qualified for the FSA's 30% discount.
Zurich said it regretted the concern the incident had caused its customers, who were told of the loss in October last year.
Stephen Lewis, chief executive of Zurich UK, said: "This incident was unacceptable. It served to remind us of the need to strive continually to improve the ways in which we seek to protect customers' data."
The group had appointed KPMG to review its data security systems, and had taken a number of steps to improve them, he said.
"We are appointing a dedicated information security officer to provide ongoing assurance that appropriate measures are in place and that they will continue to be effective.
"We believe our customers can be confident that we are doing everything we can to keep their data secure and protected. The FSA has acknowledged that we fully cooperated with its investigation and recognised that we treated the incident with utmost seriousness and have demonstrated a commitment to take the necessary steps to ensure the ongoing security of our customer data."
The FSA has previously fined Nationwide £980,000 for data security failings after a laptop containing customer details was stolen from an employee's home. Three HSBC firms were fined between £700,000 and £1.6m each for not properly protecting customers' personal details, while Norwich Union was fined £1.26m for similar failings which led to a number of customers being the victims of fraud.
Zurich - which is still headquartered in Switzerland where it was founded in 1872 - has nine offices across the UK, with one in Cardiff.
|Publication:||Western Mail (Cardiff, Wales)|
|Date:||Aug 25, 2010|