John Oates reports:
Zurich Insurance must pay an enormous £2.3m fine for losing thousands of British people’s personal data.
The fine was imposed not by the Information Commissioner’s Office but by the Financial Services Authority.
Zurich Insurance lost 46,000 customer records including some bank details when a tape back-up went missing between two sites in South Africa. Even worse, it took a year for Zurich UK to hear about the loss.
The FSA said it found no evidence that the data had been misused or compromised, but it was clear that Zurich had no effective data protection systems in place or systems to manage the risks to “the security of customer data resulting from the outsourcing arrangement”.
The FSA said it had knocked a third off the fine because Zurich agreed to pay at an early stage – the company would have had to pay £3.25m instead of £2.275m.
Read more in The Register.