Unencrypted backup tape lost by Data Processor.
Monetary penalty: £ 2,275,000
Reason for action
Zurich did not audit data processor (a Group company in South Africa) and relied on group policies procedures and controls rather than managing the outsourced relationship as with a normal data processor.
24 August 2010