Zurich fined £2 million


The UK’s financial regulatory body, the Financial Services Authority (FSA), has fined the UK arm of Zurich Insurance £2 million for failing to prevent the loss of customer data. The fine is the highest ever levied by the FSA against an individual firm, and is the result of Zurich losing the personal information of 46,000 customers – according to the FSA investigation, the company ‘did not have adequate systems and controls in place’. Despite the fact that there is no evidence to suggest the lost data was ever used, the FSA pointed out that the information, which included identity details and bank and credit card information, could have been used maliciously against the customers.
The loss occurred two years ago after Zurich outsourced the processing of some of its general insurance data to the South African division of the company. In August 2008, during a routine transfer of information to a data storage centre, an unencrypted back-up tape was lost. As there were no proper reporting lines in place, Zurich’s UK arm did not even find out about the loss until a year later.
Nonetheless, Margaret Cole, the FSA’s director of enforcement and financial crime, commented: “Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss until a year later.” She added: “Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made.”