About Me

Chris works for Autonomy Corporation - the innovative leader behind meaning-based computing.

Friday, August 27, 2010

Across the Pond: Painful Regulation Exists as Well

Yesterday, Zurich Insurance was fined roughly $3.5 million because a back-up tape containing unencrypted personal details of 46,000 policy holders went missing in transit. This is what happens when you rely on purely physical back-up to store sensitive data. The worst part is that Zurich did not even know they had lost the back-up tape for over a year!

You cannot outsource truly sensitive data this way and expect it to be defensible. As EDD Blog Online points out: The UK "...found that the insurer had failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement." And I completely agree. Zurich's policies, specifically those for IT, Compliance, and Risk Management, should be reviewed to ensure that their data is kept safe.

There are enough people out there trying to scam their way to stealing our identities (see Nigerian Scam), without insurance and credit card companies literally losing them. Let's try to act a little responsibly without having to have the government mommy us. Companies with sensitive data (which is pretty much every company) need to archive their data in-house.

I can't believe this actually happened.