Zurich Insurance reprimanded over data loss

The Information Commissioner’s Office (ICO) has reprimanded Zurich Insurance, a firm that has been embroiled in a data loss scandal since 2008.

A total of 47,000 clients were affected nearly a year and a half ago when the South African arm of Zurich Insurance misplaced a significant data storage device during a transfer between data centres.

According to the ICO, Zurich withheld the news of the breach for 12 months before admitting it and in so doing was clearly in breach of the UK Data Protection Act.

It is known that the lost data device was completely unencrypted, allowing the personal information it contained to easily leak out onto the black market.

Zurich Insurance conducted an investigation internally, the findings of which unearthed a catalogue of potentially damaging deficiencies in the management of data protection at its South African headquarters.

Zurich Insurance’s Stephen Lewis met with representatives from the ICO earlier in the week to commit to improving data security, particularly when data is to be transferred physically between two locations. Mr Lewis will now have to ensure that data is properly encrypted to contain the potential threat posed by any loss.

Mr Lewis is also committing to more transparency between his firm and the regulators, ensuring that any breaches or fragility identified in its systems will be rapidly reported to the proper authorities. Training staff and informing partners will also be an important step towards safeguarding customer data.

ICO investigator Sally-Anne Poole said that inadequate data protection would not only incur the scrutiny of a business by the relevant external bodies, but would also impact the business’ status and image amongst consumers and potential customers.

Data security expert Chris McIntosh told V3 that he found the year-long delay between the point at which the data was stolen and the reporting of the event to be unbelievable. He said that identifying when leaks have occurred and notifying the affected parties and appropriate regulatory bodies is essential for any firm in maintaining the trust and respect of the market.
