Zurich Insurance hit with highest fine for data security failings

The Financial Services Authority has fined the UK branch of Zurich Insurance £2.275m, the highest ever levied for security failings, for failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information.

The failings came to light following the loss of 46,000 customers’ personal details, including identity details, and in some cases bank account and credit card information, details about insured assets and security arrangements.

The loss could have led to serious financial detriment for customers and even exposed them to the risk of burglary.

Zurich UK has seen no evidence to suggest that the personal data was compromised or misused.

The insurer outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited. In August 2008, Zurich SA lost an unencrypted back-up tape during a routine transfer to a data storage centre. As there were no proper reporting lines in place, Zurich UK did not learn of the incident until a year later.

The FSA says Zurich UK failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement.

The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime.  

Margaret Cole, director of enforcement and financial crime at the FSA, says: “Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.

“Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made.”

As Zurich UK agreed to settle at an early stage of the investigation, the firm qualified for a 30% discount. Without this discount, the firm would have been fined £3.25m.

Comments
  • Sid Siddiqui 24th August 2010 at 12:59 pm

    Well done FSA, I wish other agencies such as Information Commissioner could learn something from you. I am the victim of fraud but NO action taken despite all the proofs.

  • David Bartleet 24th August 2010 at 11:31 am

    Glad to see that the FSA are now taking loss of client Data seriously. Shame nothing happened when the UK Govt lost all the Data on people claiming benefits.
    On the one hand this really would have been a case of “Robbing Peter to pay Paul” and on the other hand is it a case of “Do as I say not as I do?”