Zurich Insurance fined £2.3m over customers’ data loss
Written by Ct R. Hamith   
Monday, 18 April 2011 07:19

Zurich Insurance says its loss of customer information was “unacceptable”.

The UK operation of Zurich Insurance has been fined £2.3m by the Financial Services Authority (FSA) for losing personal details of 46,000 customers.

It is the highest fine levied on a single firm for data security failings.

Margaret Cole, the FSA’s director of enforcement and financial crime, said: “Zurich UK let its customers down badly.”


Stephen Lewis, chief executive of Zurich UK, said: “This incident was unacceptable.”

The data on policyholders, including in some cases bank account and credit card information, went missing in August 2008.

However, Zurich did not become aware of the loss until a year later, when it began notifying customers.


The information went missing during a routine transfer to a data storage centre in South Africa.


The FSA said in a statement: “Zurich UK failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement.”

“The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime.”

Margaret Cole added that Zurich “failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA.”

“To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.”

“Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made,” she said.

Zurich said that it had no evidence the data had been misused. The firm said it had introduced new security measures, and appointed a dedicated information security officer.

Mr Lewis said that the incident “served to remind us of the need to strive continually to improve the ways in which we seek to protect customers’ data.”

As Zurich agreed to settle at an early stage of the investigation, the firm’s fine was reduced by 30%. Without this discount the fine would have been £3.25m.


Experts said the size of the fine sends a signal that the authorities will crack down hard on data loss.

Rupert Casey, partner at Macfarlanes law firm, said companies and organizations had previously failed to take data loss seriously.

“That stemmed from the fact that data protection law never had any bite to it. That has all changed.”

“What this fine should do is drive the issue up the agenda,” he said.

“Better encryption of data, password protection, and measures to ensure large files cannot be downloaded to devices like memory sticks must all be improved,” he said.

The FSA has previously fined HSBC, Nationwide and Norwich Union for data loss.

Aug 25, 2010 – Posted in Consumer & Safety Tip, Insurance News

Last Updated ( Thursday, 21 April 2011 07:02 )

Did You Know

Identity theft is the top consumer complaint in the USA according to the Federal Trade Commission.

US consumers reported fraud loss totalling more than $1.1 billion in 2006.

Credit card fraud (25%) was the most common form of reported identity theft in the US in 2006.

More than 100 000 people are affected by identity theft each year in the UK.

According to Privacy Rights Clearinghouse, more than 350 data loss incidents involving more than 140 million records have occurred since February 2005.

Organisations are obliged by law to take adequate steps to ensure the proper disposal of data.
