When it lost a backup tape in South Africa that contained volumes of data on policyholders, Zurich Insurance PLC, part of the Zurich Financial Services Ltd. group of companies, violated the UK Data Protection Act, according to the UK Information Commissioner’s Office (ICO). As a result, the ICO asked Stephen Lewis, the London branch manager of Zurich Insurance, to sign an agreement that ensures any future movement of backup tapes include appropriate security procedures, including the use of encryption.
Zurich Insurance has openly pledged to improve its information security. The back-up tape, which also contained personal details of 1,800 third-party insurance claimants from the UK, was lost by Zurich's South African sister company during what was described as a routine transfer to a data storage facility in South Africa in August 2008. A total of 51,000 British records were resident on the tape. Zurich's UK arm wasn't informed about the problem until a year later, according to reports.
There's no evidence that the information was subsequently used in ID theft or other scams in any country, said the report.
The case was reported to UK privacy regulators, who extracted a promise from Zurich to improve its procedures or risk tougher action for any future data breaches.
In particular, Zurich Insurance plc pledged to apply encryption controls on backup records and apply "controls to monitor and promptly report potential or actual data loss activity" in future.
Zurich said: "where any future movement of back-up tapes containing personal data is required, ZIP UK will ensure that appropriate data security procedures, including the use of encryption where appropriate, are in place."
The insurer has also pledged to conduct staff training to prevent future similar breaches by improving lax backup handling procedures, as explained in a statement on the case issued by the ICO. Zurich reports that these steps were either completed or were underway.
Register or login for access to this item and much more
All Digital Insurance content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access