FSA fines Zurich Insurance £2.3m
The FSA has fined the UK branch of Zurich Insurance £2.3m for failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information.
The fine is the highest levied to date on a single firm for data security failings.
The failings came to light following the loss of 46,000 customers’ personal details, including identity details, and in some cases bank account and credit card information, details about insured assets and security arrangements.
The FSA says the loss could have led to serious financial detriment for customers and even exposed them to the risk of burglary.
Zurich UK says it has seen no evidence to suggest that the personal data was compromised or misused.
Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited. In August 2008, Zurich SA lost an unencrypted back-up tape during a routine transfer to a data storage centre.
As there were no proper reporting lines in place, Zurich UK did not learn of the incident until a year later.
The FSA says Zurich UK failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement.
The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime.
As Zurich UK agreed to settle at an early stage of the investigation, the firm qualified for a 30 per cent discount. Without this discount, Zurich would have been fined £3.25m.
FSA director of enforcement and financial crime Margaret Cole says: “Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.
“Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made.”
Readers' comments (15)
Anonymous | 24 Aug 2010 10:56 am
So how many pieces of fine art can you buy for £2.2m?
Incompetent Regulators Awards Team | 24 Aug 2010 11:00 am
Pot calling the kettle black.
What about the 17 or so laptops the FSA lost 2/3 years ago? Where are personal fines for the FSA staff?
Bob Bull | 24 Aug 2010 11:28 am
As usual everything is FINE at the FSA!!!
Anonymous | 24 Aug 2010 12:01 pm
Do as I tell you, not as we have done!!!!!
Chris Neil | 24 Aug 2010 12:26 pm
I really wish you guys would stop sniping at the FSA. They do a wonderful job, provide value for money and have taken great steps forward towards achieving their goals.
My clients are constantly telling me how much more secure they feel knowing they have a strong regulator working on their behalf and think they earn every penny of their salary and bonuses.
Juliette_msc | 24 Aug 2010 12:37 pm
The announcement of Zurich’s fine from the FSA demonstrates that any organisation that either requires users to log on, or retains customers’ confidential information, should ensure that they have suitable systems in place to prevent data leakage.
Not only have Zurich been fined a large amount of money, but they have potentially damaged their reputation far beyond this charge. It is irrelevant that the information, according to Zurich, was not misused; the point is it should never have been leaked. There are services available which prevent such leakages, and industries such as banking in particular should have the appropriate precautions in place. As a Managed Security Services company (www.msc247.com), we work with a number of the UK’s leading Building Societies to ensure that their customers’ information is wholly protected.
Anonymous | 24 Aug 2010 12:47 pm
Seriously - where does all this fine money go????
Flood relief, Homeless Children, NSPCC, RSPCA
Has anyone asked where this goes under a Freedom Of Information request?
Anonymous | 24 Aug 2010 12:55 pm
A bank I was at a few years ago used to have one laptop a month stolen. The engineers comforted me by telling me it happens all the time. Client info was not encrypted.
Julian Stevens | 24 Aug 2010 1:09 pm
It's for this year's £20m+ bonus pot, silly (so the FSA won't end this year £14m overdrawn with the very banks it's supposed to but manifestly fails to regulate).
Adam Smith | 24 Aug 2010 1:14 pm
"Seriously - where does all this fine money go????" It goes to offset the next year's levy in that fee block; that's not a new thing.