Zurich fined £2.3m over loss of 46,000 clients' details
Zurich Financial Services' UK unit was fined £2.3m (€2.8m) for failing to prevent the loss of 46,000 customers' confidential data.
The insurer lost personal details regarding customers' identity, bank-account and credit-card information, and details of their insured assets, the Financial Services Authority (FSA) said yesterday in a statement.
The information, on a back-up tape, disappeared in South Africa while it was being transferred between data centres, the regulator said. Zurich did not learn of the mistake until a year later.
"Zurich UK let its customers down badly," FSA Enforcement Chief Margaret Cole said in the statement. "It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA."
The fine is the fourth the FSA has levied for data loss, and the largest fine against a single firm for failing to protect data. In July last year, the regulator fined three HSBC units a total of £3.2m for losing customer information in the mail. Nationwide Building Society and Norwich Union have also been fined for losing data.
A subcontractor of Zurich Insurance Company South Africa in August 2008 lost the tape, which contained personal information about Zurich Private Client, Zurich Special Risks and Zurich Business Insurance Direct policyholders, according to the FSA.
Personal data for 1,800 other people was also lost.
Zurich, part of the Swiss financial-services group named after the city where it is based, settled the case at an early stage and qualified for a 30pc discount on the fine.
No personal data was compromised, the FSA said.
Zurich appointed KPMG to investigate the loss and hired an information security officer to prevent future failures, Zurich UK chief executive officer Stephen Lewis said.
"The FSA has acknowledged that we fully cooperated with its investigation and recognised that we treated the incident with utmost seriousness," Lewis added.