FSA issues record fine over lack of security
The Financial Services Authority (UK) has issued a record fine of £2,275,000 to Zurich Insurance for inadequate security. Zurich Insurance (or rather a sister company in South Africa to which the processing had been outsourced) lost an unencrypted back-up tape containing data on 46,000 policyholders. Because adequate 'reporting' was lacking, Zurich Insurance only learned of the incident a year after the fact. With thanks to Louwrens Phoelich, Allen & Overy.
The Financial Services Authority (FSA) has fined the UK branch of Zurich Insurance Plc (Zurich UK) £2,275,000 for failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information. The fine is the highest levied to date on a single firm for data security failings. The failings came to light following the loss of 46,000 customers’ personal details, including identity details, and in some cases bank account and credit card information, details about insured assets and security arrangements. The loss could have led to serious financial detriment for customers and even exposed them to the risk of burglary. Zurich UK has seen no evidence to suggest that the personal data was compromised or misused.
Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited (Zurich SA). In August 2008, Zurich SA lost an unencrypted back-up tape during a routine transfer to a data storage centre. As there were no proper reporting lines in place, Zurich UK did not learn of the incident until a year later.