Contributed by Roumiana Deltcheva (August 25, 2010)
The UK's Financial Services Authority recently fined Zurich Insurance, a Swiss insurance company, the equivalent of $3.5 million for losing the sensitive, personal data of more than 46,000 customers.
There is currently no evidence that any of the data has been used illegally, but the loss of bank account and credit card information increases the possibility of identity theft and other crimes.
The data loss occurred when Zurich Insurance outsourced its data storage to its South African unit, but the group lost the backup tape containing the customer data. However, the company did not discover the data-leak prevention failure until more than one year later, which drove up the amount of the fine.
"Zurich UK let its customers down badly," Margaret Cole, the FSA's director of enforcement and financial crime, said. "To make matters worse, Zurich UK was oblivious to the data loss incident until a year later."
American regulatory organizations have also targeted financial firms in 2010 for failing to properly archive data. Most notably, the Financial Regulatory Authority fined investment bank Piper Jaffray $700,000 for failing to archive more than 4 million emails in a six-year span.
http://www.messagingarchitects.com/resources/security-compliance-news/email-security/uk-fsa-fines-zurich-insurance-for-customer-data-loss19930960.html
