Tag Archives: FSA

Data loss costs Zurich Insurance £2.27 million in FSA fines

The Financial Services Authority (FSA) has imposed fines of nearly £2.3 million against the UK arm of Zurich Insurance over a serious data loss incident in which 46,000 of its customers had their details exposed.

The fine is a new record and the FSA’s Margaret Cole said that it was appropriate because Zurich had failed in its responsibility for the protection of private data, protection that its UK customers had a right to expect.

Zurich’s UK CEO Stephen Lewis admitted that the data loss, which took place two years ago this month, was not acceptable. Included in the data that went missing back in August 2008 were financial details relating to Zurich customers, including account numbers and payment card information.

It took the insurance firm 12 months to detect the loss and it was only then that it was able to inform affected customers. This delay added to the controversy surrounding the original data loss and may have contributed to the scale of the record fine.

The data was lost in South Africa as storage drives were being transferred between centres as part of standard procedures.

The FSA criticised Zurich in a statement, saying that it had not ensured the protection of customer data with policies and data management systems and had been lax in its use of third party firms to manage data, consequently underestimating the risks.

The South African branch of Zurich’s operation was deemed to have lacked the necessary controls to ensure that data belonging to UK customers was properly protected against loss and subsequent use in fraud, Cole said.

At this time, Zurich has been adamant that the lost data has never been exploited by criminals, adding that improvements to data protection policy and a security executive had been put in place to help prevent any repeat of the incident.

Zurich had originally been facing fines of 3.25 million, but by choosing to accept the FSA’s rulings it saw a 30 per cent reduction in this total.

Retention Policies are expensive – Not with Online Backup

Mathias Thurman recently wrote an article about how having to buy new tapes was costing his company $40,000 each month, because he wasn’t allowed by law to re-use any tapes under 7 years old. This huge expenditure on new tapes is not uncommon, and the cost of storing and transporting these tapes often leaves companies simply unable to comply with the law, resulting in severe fines and penalties issued by watchdogs and authorities. However, this large figure can be significantly reduced with online data backup from Backup Technology and Asigra.

Asigra has developed automatic retention policies that can be customised by the user to fit in with their own company data retention policies and also those enforced by the FSA and industry governing bodies. This allows companies to store all the appropriate data in Backup Technology’s highly secure, geographically separate data centres in Manchester and London for the total amount of time needed, moving any data older than a certain period into a lower availability vault and saving the client even more money in storage costs. Automatic deletion of all data once it has reached the end of its retention life span also helps to keep down data backup storage costs, administrative costs and time expenses.

Asigra can also help I.T. administrators stay on top of the more complex retention policies that are being put in place by governing bodies. For example, within the FSA regulations there are many different retention policies that apply to different types of data, such as employee records and different sets of accounts. These variations in retention policies can easily be applied to separate data sets, giving the I.T. administrator yet more control over their protected data.

Utilising reliable disk-to-disk storage, the extraordinary power of the BluArc infrastructure and the technological capabilities of the Asigra software, BTL has helped both household names and SMEs alike to save money on the data retention policies they are being forced to put in place.

HSBC Fined £3,000,000 for Data Breaches

With security of data being so important in today’s world, one would expect every organisation to be taking the utmost care when it comes to storing data. It may therefore come as a surprise to hear that one of the world’s leading organisations has been found guilty of data loss on more than one occasion, and it hasn’t gone unpunished.

If today’s economic climate isn’t applying enough pressure to HSBC, then the Financial Services Authority most definitely is. The FSA has fined HSBC £3m for failing to properly look after its customers’ information and private business data. HSBC’s failure to follow procedure has led to at least two losses of customer data, emphasising the fact that no organisation is too big to avoid scrutiny.

In this specific instance the FSA investigated the bank and found unencrypted customer details on open shelves and in unlocked cabinets, breaching storage requirements. Customer details were also sent via the post or couriers to third parties, and staff were not trained in dealing with the risks associated with identity theft.

With the technical advancements made in recent years, there are multiple organisations that specialise in the storage of data in an encrypted format. With these many solutions available on the market today, surely there is no excuse for an organisation of any size not to be highly efficient in data storage and recovery, especially if financial penalties are in place.

HSBC’s data losses and poor practices were identified by investigations over a period of years.

In April 2007 HSBC Actuaries lost details on 1,917 pension scheme members. In July HSBC Actuaries, along with two other subsidiaries, were warned by HSBC Group Insurance’s compliance department to sort out data security. But in February 2008 HSBC Life sent an unencrypted CD through the post containing details of 180,000 customers. The CD was lost.

HSBC Life UK Limited (HSBC Life) was fined £1,610,000, HSBC Actuaries and Consultants Limited (HSBC Actuaries) was fined £875,000 and HSBC Insurance Brokers Limited (HSBC Insurance Brokers) was fined £700,000.

Margaret Cole, director of enforcement at the FSA, said: “These breaches are very disappointing. All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals. It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details.”

This makes us wonder what other organisations are using for data storage. Are they using improper practices with customer and business data? How many other organisations are passing under the radar while implementing inadequate data storage procedures?
