The Information Commissioner’s Office (ICO) has named and shamed Zurich Insurance for the loss of an unencrypted backup tape containing the financial personal information of around 46,000 policy holders by its sister company Zurich Insurance Company South Africa.
Although the data loss is though to have occurred on 11 August 2008, the sister company did not inform Zurich Insurance until more than a year later according to the ICO. The tape was lost during an apparent routine transfer to a data storage centre in South Africa.
The UK branch manager of Zurich Insurance Stephen Lewis has now signed an undertaking to improve the secure transfer of data in the future and use encryption where possible.
Commenting on the loss, ICO head of enforcement and investigations Sally-Anne Poole said that it is vital that organisatons ensure effective safeguards are in place to protect personal information. “Failure to adequately protect personal details could lead to information falling into the wrong hands and ultimately the loss of customers’ trust and confidence,” she said.
Poole urged any business that have suffered a data breach to report the incident as soon as possible. “I encourage all organisations to report any serious data security breaches to us so that the nauture of the breach or loss can be considered.”
Earlier this year the ICO warned that businesses that do not own up to data breaches will face tougher action than those that come forward of their volition. Companies that fall foul of data breach laws risk a maximum fine of £500,000 under new powers granted to the ICO in January.
Also commenting on the Zurich Insurance incident, Chris McIntosh, chief executive of data encryption specialist Stonewood said that having strict data transfer policies was vital when sending information abroad – especially to countries with a questionable security record.
“This is especially important when operating in regions such as South Africa which, unfortunately, has a reputation for data theft and fraud,” he said. “Waiting a year, as Zurich’s sister company did on this occasion is quite frankly beyond unacceptable.”
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…