We use cookies to give you the best experience on our website. If you continue without changing your settings we’ll assume you are happy with this. You can find out more about how we use cookies and how to change your settings here.
 
Home | Contact Us | Search

Trade News

 

 

 

 


 

 

 

 

 

 
RSS Feed

Insurance giant slapped with record fine for losing personal details of policy holders

27 August 2010

 

The UK branch of Zurich Insurance Plc has been given the highest fine levied to date on a single firm for data security failings.

The insurance giant has been fined £2,275,000 by the FSA for failing to have adequate systems and controls in place to prevent the loss of customers' confidential information.

The failings came to light following the loss of 46,000 customers' personal details, including identity details, and in some cases bank account and credit card information, details about insured assets and security arrangements.

The regulator stated the loss could have led to serious financial detriment for customers and even exposed them to the risk of burglary.

Zurich UK insisted that it has seen no evidence to suggest that the personal data was compromised or misused.

Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited (Zurich SA). In August 2008, Zurich SA lost an unencrypted back-up tape during a routine transfer to a data storage centre.

As there were no proper reporting lines in place Zurich UK did not learn of the incident until a year later.

Zurich UK apparently "failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement".

The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime. 

Margaret Cole, the FSA's director of enforcement and financial crime, commented: "Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.

"Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made."

As Zurich UK agreed to settle at an early stage of the investigation the firm qualified for a 30 per cent discount. Without this discount the firm would have been fined £3.25 million.




©2013 Dragonfly Finance
THIS WEBSITE IS STRICTLY FOR PROFESSIONAL INTERMEDIARIES ONLY.
Legal Stuff | Contact Us
Member of the Association of Short Term Lenders (ASTL)         Patron of the National Association of Commercial Finance Brokers (NACFB)         Official Association of Bridging Professionals (AOBP)
Dragonfly Property Finance is the trading name of Bridgeco Ltd (Reg No 6629989), Fern Trading Ltd (Reg No 06447318) and Rednel Ltd (Reg No 7531926)
Registered Office: 20 Old Bailey London EC4M 7AN. Registered in England and Wales.
Rednel Ltd is authorised and regulated by the Financial Conduct Authority