The FSA said the £2.275m fine was the highest to date handed down to a single firm for data security failings.
Zurich UK, part of the Zurich Financial Services Group, did not have full control over the data being processed as part of an outsourcing agreement with its South African branch and was not aware of the tape’s loss until a year later, the FSA said. “Zurich UK let its customers down badly,” Margaret Cole, the FSA’s director of enforcement and financial crime, said. “Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made.”
The company said it had already taken measures to improve data security after it became aware of the loss, which occurred in August 2008 as the tape was being transferred to a data storage centre.
Zurich Insurance UK chief executive Stephen Lewis said the loss of the back-up data tape was “unacceptable”. He added: “It served to remind us of the need to strive continually to improve the ways in which we seek to protect customers’ data.”
Lewis said KPMG had been asked to carry out a root-and-branch review of security procedures. The FSA said the fine had been reduced by 30 per cent from £3.25m after Zurich UK agreed to settle at an early stage.
FAST FACTS | DATA PROTECTION FINES
Norwich Union was fined £1.26m in 2007 for data security problems.
Three HSBC-affiliated insurance companies paid a total of £3m last year for failing to protect customers’ confidential details.