A major insurance company has been fined a record £2.28 million for losing personal details on 46,000 policyholders, the City watchdog revealed today.
The Financial Services Authority (FSA) says the loss could have led to "serious financial detriment" for customers and even exposed them to the risk of burglary (see the ID Fraud and Stay Safe Online guides).
The fine, which has been levied on the UK branch of the company, is the highest the FSA has imposed for data security failings.
The loss occurred in August 2008, when the South African branch of the company lost an unencrypted back-up tape during a routine transfer to a data storage centre, but Zurich UK did not learn about the incident until a year later.
Margaret Cole, from the FSA, says: "Zurich UK let its customers down badly. It did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.
"Firms across the financial sector would do well to look at the details of this case and learn from the mistakes Zurich made."
Stephen Lewis, from Zurich, says: "This incident was unacceptable. It served to remind us of the need to strive continually to improve the ways in which we protect customers' data."