4:08 AM

(0) Comments

Zurich fined �2.3m for data loss

Addison Ray

24 August 2010 Last updated at 06:34 ET

The UK operation of Zurich Insurance has been fined �2.27m for losing personal details of 46,000 customers, the Financial Services Authority said.

It is the highest fine levied on a single firm for data security failings.

Margaret Cole, the FSAs director of enforcement and financial crime, said: Zurich UK let its customers down badly.

Stephen Lewis, chief executive of Zurich UK, said: This incident was unacceptable.

The data on policyholders, including in some cases bank account and credit card information, went missing in August 2008.

However, Zurich did not become aware of the loss until a year later, when it then began notifying customers.

The information went missing during a routine transfer to a data storage centre in South Africa.

�Start Quote

Firms across the financial sector would do well to look at the details of this case �

End Quote Margaret Cole FSA director of enforcement

The FSA said in a statement: Zurich UK failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement.

The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime.

Margaret Cole added that Zurich failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA.

To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.

Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made, she said.

Zurich said that it had no evidence the data had been misused. The firm said it had introduced new security measures, and had appointed a dedicated information security officer.

Mr Lewis said that the incident served to remind us of the need to strive continually to improve the ways in which we seek to protect customers data.

As Zurich agreed to settle at an early stage of the investigation the firms fine was reduced by 30%. Without this discount the fine would have been �3.25m.

The FSA has previously fined HSBC, Nationwide and Norwich Union for data loss.



Full Text RSS Feeds | WordPress Auto Translator
http://tinyurl.com/2f939hf
0 Responses to "Zurich fined �2.3m for data loss"

Post a Comment