The Information Commissioner’s Office (ICO) has found Zurich Insurance plc in breach of the Data Protection Act after it lost an unencrypted back-up tape containing financial personal information belonging to 46,000 policy holders of Zurich Private Client, Zurich Special Risk and Zurich Business Client, which are all part of Zurich Insurance plc.
The back-up tape, which also included personal details of 1,800 third parties, was lost by a sister company, Zurich Insurance Company South Africa, during a routine transfer to a data storage centre in South Africa. The data loss occurred on 11 August 2008 although the sister company did not inform Zurich Insurance plc until over a year later. Subsequent internal investigations revealed failings in the management of security procedures involving data tapes in South Africa.
Sally-anne Poole, Head of Enforcement & Investigations at the ICO, said: “It is vital that organisations ensure effective safeguards are in place to protect personal information. Failure to adequately protect personal details could lead to information falling into the wrong hands and ultimately the loss of customers’ trust and confidence…”