Unencrypted backup tape lost by Data Processor.
Monetary penalty: £ 2,275,000
Reason for action
Zurich did not audit data processor (a Group company in South Africa) and relied on group policies procedures and controls rather than managing the outsourced relationship as with a normal data processor.
24 August 2010
View the press release relating to Zurich Insurance on the FSA website
View PDF of the Zurich Insurance Final Notice (via FSA website)
View PDF of the Zurich Insurance Final Notice (Breachwatch archive)