Zurich Pledges to Fix Security Problems

When it lost a backup tape in South Africa that contained volumes of data on policyholders, Zurich Insurance PLC, part of the Zurich Financial Services Ltd. group of companies, violated the UK Data Protection Act, according to the UK Information Commissioner’s Office (ICO). As a result, the ICO asked Stephen Lewis, the London branch manager of Zurich Insurance, to sign an agreement ensuring that any future movement of backup tapes includes appropriate security procedures, including the use of encryption.

Zurich Insurance has openly pledged to improve its information security. The backup tape, which also contained personal details of 1,800 third-party insurance claimants from the UK, was lost by Zurich's South African sister company during what was described as a routine transfer to a data storage facility in South Africa in August 2008. A total of 51,000 British records were resident on the tape. Zurich's UK arm wasn't informed about the problem until a year later, according to reports.

There's no evidence that the information was subsequently used in ID theft or other scams in any country, said the report.

The case was reported to UK privacy regulators, who extracted a promise from Zurich to improve its procedures or risk tougher action for any future data breaches.

In particular, Zurich Insurance plc pledged to apply encryption controls on backup records and apply "controls to monitor and promptly report potential or actual data loss activity" in future.

Zurich said: "where any future movement of back-up tapes containing personal data is required, ZIP UK will ensure that appropriate data security procedures, including the use of encryption where appropriate, are in place."

The insurer has also pledged to conduct staff training to prevent similar future breaches by improving lax backup handling procedures, as explained in a statement on the case issued by the ICO. Zurich reports that these steps were either completed or underway.
