The Financial Services Authority (FSA) has fined Zurich Insurance £2,275,000 after a back-up tape containing unencrypted personal details on 46,000 policy holders went missing in transit. The FSA said Zurich had inadequate systems and controls in place.
The fine is the highest levied to date on a single firm for data security failings, according to the UK regulator.
Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited (Zurich SA). The FSA reported that in August 2008, an unencrypted back-up tape was lost during a routine transfer from a data centre in South Africa to a third-party data storage facility.
The tape was lost by a subcontractor engaged by Zurich SA. The FSA found that the subcontractor had been engaged without Zurich UK's written consent.
The missing tape included identity details and in some cases bank account and credit card information. Zurich UK did not learn of the incident until a year later.
The FSA said the loss could have led to serious financial detriment for customers and exposed them to the risk of burglary. It found that the insurer had failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement. The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime.
------------------------------------------
Source: out-law.com
Wednesday, August 25, 2010