View the article online at http://citywire.co.uk/new-model-adviser/article/a425667

FSA fines Zurich record £2.2 million for data breach

by Iain Martin on Aug 24, 2010 at 10:55

The Financial Services Authority has fined Zurich Insurance £2.27 million for the loss of computer back-up tapes containing the details of 46,000 policy holders.

Zurich failed to have the systems in place to prevent the loss of confidential information from clients including bank and credit card details, according to the FSA.

The unencrypted back-up tape was lost when Zurich UK outsourced the processing of information from its general insurance customers to its South African arm. Zurich South Africa lost the tapes during a routine transfer to a data storage centre but Zurich UK did not learn about the loss until a year later.

‘Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA,’ said Margaret Cole, FSA director of enforcement. ‘To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.’

Zurich agreed to settle at an early stage of the investigation, which led to its fine being cut from £3.25 million. The FSA noted that this was the largest fine levied against a single firm for data security failings.

Zurich informed customers that it had lost this information in October 2009 and has commissioned KPMG to review its procedures. ‘This incident was unacceptable,’ said Stephen Lewis, chief executive of Zurich Insurance. ‘We believe our customers can be confident that we are doing everything we can to keep their data secure and protected.’

micky mouse

Aug 24, 2010 at 11:15

Pot calling the kettle black.

What about the 17 or so laptops the FSA lost 2/3 years ago? Where are personal fines for the FSA staff?


Alison Jackson

Aug 24, 2010 at 11:17

..... and can anyone tell me exactly what will happen to this £2.27 million - i.e. who will benefit from it, or does it just fall into the coffers of the FSA?



Aug 24, 2010 at 11:52

This is the first time I've ever agreed with a mouse, but Mickey has it!!! What happened to the FSA staff who lost their laptops (if anything)? Who fines the FSA?? If the FSA were fined, would they recover the money from the likes of Zurich who would thus in effect be fined twice?? Why haven't AIFA asked these questions??

The FSA are obviously above the law and can do what they like.



Aug 24, 2010 at 11:54

Bonuses all round lads and lasses - throw another IFA on the fire!


Anonymous 1 needed this 'off the record'

Aug 24, 2010 at 12:05

The money will be used to create another FSA department with another level of misguided overpaid sixth formers to come up with more hoops for us to jump through..



Aug 24, 2010 at 12:09

It was the policyholders that were at risk so shouldn't any fine levied be paid to them? The FSA are a regulatory body not a profit making business (although apparently not). If the ombudsman, for example, finds in favour of a client the client receives redress, the ombudsman doesn't take a fat payment for its staff bonus.


Phil Castle

Aug 24, 2010 at 12:16

At least it's not a mutual they are fining this time. Nationwide got similar treatment with a stolen laptop and the fine was completely illogical as the people whose data had been lost would have been members of the mutual and hence were hit with a double whammy of lost data and a fine which could affect their interests.....

Fining a company in these circumstances, where the company has shareholders, is completely meaningless too unless the individual responsible is sanctioned in some way. That does not mean fining the individual £2.27 million, but making sure an appropriate financial penalty is imposed (loss of bonus) and it is duly noted who was responsible and marking their employment record accordingly.

Unfortunately, the FSA appears to have no experience of imposing personal responsibility itself on its own staff and in fact seems to prefer rewards for failure......


Stuart Faires

Aug 24, 2010 at 12:34

Who calculates the fines imposed by the FSA and why are the public not told what happens to the money once paid over - it's time the FSA were compelled to be fully accountable


Simon Kershaw

Aug 24, 2010 at 12:40



Derek Wood

Aug 24, 2010 at 13:00

Alison J - in general, fines are returned to authorised firms, as an offset against fees. As a result, most fees have been reduced by 7.5% for 2010/11 (some by more). More info in PS10/07 (p.97/8 & Annex 4).


Dave Greenhill

Aug 24, 2010 at 15:51

Why does everything refer to the corporate entity?

Why do the individuals involved not get named?

I do not say that as an advocate of a "name and shame" culture, but more of a "name and penalise individually" culture.

Most contributors will either be running or will have run their own business. We all know that the buck stops right there and it is our livelihoods and our chequebooks that are at risk.

But jobs in government departments seem to come with anonymity and freedom from blame and freedom from paying retribution for abject failure.

Is it any wonder that we suffer from empty vessels making a lot of noise, imposing systems that don't work and generally not caring one bit about the effects of their actions and edicts on what happens outside of their own protected ivory tower?

Whatever happened to government by the people, for the people? Or are we back to Animal Farm?

Everyone in an industry is equal, but some people (the regulators) are more equal than others!

The solution? Any fines should be levied on the regulator i.e. the last person to inspect the firm in default.

Why not?

When it comes to money laundering, a wee boy or girl who processes business is supposed to be trained to be "au fait" with the regulations and can be imprisoned for failure to act appropriately - as can the adviser.

But the civil servant/inspector who completely misses the banking crisis???


Anonymous 2 needed this 'off the record'

Aug 31, 2010 at 12:54

I don't work for the FSA so no apologist for their actions, but bank account and credit card details for 46,000 people seems a lot to me, so the fine should be substantial
