The Financial Services Authority (FSA) has fined Zurich UK £2,275,000 for failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information.
The FSA said that the failings were noticed following the loss of 46,000 customers’ personal details, including identity details and, in some cases, bank account and credit card information, details about insured assets and security arrangements.
Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance South Africa (Zurich SA).
In August 2008, Zurich SA lost an unencrypted back-up tape during a routine transfer to a data storage center, and Zurich UK did not learn of the incident until a year later, as there were no proper reporting lines.
FSA enforcement and financial crime director Margaret Cole said that Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.