The FSA have issued the largest fine in their history. Zurich Insurance were fined £2.275 million after the loss of a data tape in 2008, whilst moving the tape to a new location in South Africa. Zurich did not learn that the tape had been lost until a year after that date. The data held included the personal details of over 46,000 UK customers and many more in South Africa. The tape was never recovered, although it does not appear to have been stolen.

Zurich Insurance had outsourced their data storage security to a South African firm but they had failed to create proper incident reporting lines and, as such, it took over a year for the information concerning the loss to reach them. Zurich informed the FSA immediately upon discovering the loss and, in a further admission of culpability, they agreed to settle at an early stage of the investigation.

The data held contained the personal details of clients’ homes and motor insurance, also including bank account and credit card information, security details for property, and insured assets and valuables. Zurich have been keen to stress that there is still no evidence that the tape was stolen; it remains lost, but there is no evidence of foul play or that the information contained has been compromised.

Stephen Lewis, the chief executive of ZIP UK (Zurich Insurance PLC), said: “This incident was unacceptable. Supported by KPMG, we commissioned a comprehensive review of our data security systems and procedures and have taken a number of steps designed to enhance those procedures”. At the time, Zurich also set up a response centre to discuss the information with clients and to inform them in detail of what information was contained about them.

The FSA made it clear that had they not admitted guilt and been co-operative at such an early stage, the fine would have been much higher. The FSA administers a 30% discount for agreeing to settle at an early stage and without this the fine would have reached £3.25 million. Previous fines for data loss have been given to HSBC, Nationwide, and Norwich Union.

Margaret Cole, the FSA’s director of enforcement and financial crime, said: “Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA”. She continued to say that “firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made”.

Since the incident, Zurich has updated its security measures and will administer continuous checks. The FSA is due to be closed down in the near future as part of cuts made by the new coalition government. Its responsibilities will be passed to the Bank of England.


Similar Posts:

Share