Zurich Insurance fined £2.27m for data security failings

25 August 2010

The Financial Services Authority (FSA) has issued a fine of £2.27 million to Zurich Insurance for not deploying adequate systems to protect client data.

According to the regulator, the firm lost personal details belonging to 46,000 customers, including credit card data and details surrounding security arrangements.

The information was lost when a back-up tape was misplaced while being transferred to a data storage centre in August 2008.

Zurich was found guilty of failing to ensure it managed the risks surrounding the transportation of the data effectively.

Margaret Cole, the FSA’s director of enforcement and financial crime, said: "Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.

"Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made."

Zurich stated that it did not believe the personal information had been misused in any way.

The firm also qualified for a 30 per cent discount on the fine by agreeing to settle at an early stage.

According to the FSA, the £2.27 million is the highest figure levied on a firm for data security failings.

By Jim Ottewill
