Insurer slapped with record £2.275m fine for leak as Insurance Times reveals second mistake

Zurich is facing fresh embarrassment after it emerged that the insurer sent renewal documents to the wrong clients – in the same week as it was slapped with a £2.275m FSA fine for losing customer data.

Last year, Zurich admitted it had lost an unencrypted back-up data tape containing personal details of up to 46,000 general insurance customers.

In a separate incident, Insurance Times has learnt that renewal packs containing confidential personal information of policyholders were sent to the wrong customers from Zurich’s document processing centre in Wootton Bassett on a single day in July.

More than 200 documents were sent out in a batch of 30 envelopes to brokers’ clients. Zurich sent letters to 15 brokers and their clients to explain the error and has now sent the correct documents.

A Zurich spokesman confirmed the incident, which has been reported to the FSA as part of the normal ongoing process. An internal investigation put it down to manual error, which has now been corrected, the spokesman said.

The FSA fine against Zurich’s UK insurance business is the biggest ever fine issued to a single firm for losing confidential data.

Details of the lost tape incident, which occurred in 2008 during a routine transfer to a data storage centre in South Africa, only emerged one year later.

The FSA said Zurich UK had failed to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from its outsourcing arrangement with Zurich Insurance Company South Africa, and to prevent the lost data being used for financial crime.

“Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made,” FSA director of enforcement and financial crime Margaret Cole said.

Zurich UK chief executive Stephen Lewis said the incident was “unacceptable” and served as a reminder of the need to continually improve the ways in which the company protects customers' data.

Zurich’s fine was reduced from £3.25m after it agreed to settle at an early stage in the investigation.