Categories: Security

ICO Slaps Insurers RSA With £150,000 Fine After Data Protection ‘Failure’

The Information Commissioner’s Office (ICO) has fined the Royal & Sun Alliance Insurance  (RSA) £150,000 following the loss of the personal information of nearly 60,000 customers.

The ICO slammed RSA for its “failure” to take “adequate precautions to protect customer information,” citing the lack of encryption, security and monitoring of its equipment.

The fine relates to the theft of a hard drive from RSA’s offices in West Sussex containing the personal information of 59,592 customers, including names, addresses and bank account details such as account numbers and sort codes.

Security failings

Twenty-thousand customers also had their credit card details stored on the device, although it is believed that CVC numbers and expiry dates were not affected,

According to the investigation carried out by ICO enforcement officers, the device was stolen by either a member of staff or a contractor and RSA did not have the appropriate security measures in places to protect the information from being accessed.

Steve Eckersley, ICO Head of Enforcement said: “Customers put their trust in companies to keep their information safe, particularly financial information. When we looked at this case we discovered an organisation that simply didn’t take adequate precautions to protect customer information. Its failure to do so has caused anxiety for its customers not to mention potential fraud issues.”

“There are simple steps companies should take when using this type of equipment including using encryption, making sure the device is secure and routine monitoring of equipment. RSA did not do any of this and that’s why we’ve issued this fine.”

The ICO has certainly not been shy to dish out financial penalties over the last few months. Back in October it fined TalkTalk a record £400,000 for the security failings which resulted in its now infamous data breach, before then fining two of the UK’s biggest charities for breaching data protection regulations.

And, in an ironic twist, the organisation confirmed last week that it also investigated itself
for failing to meet British data protection laws in a number of cases over the last four years.

Quiz: Are you a privacy expert?

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

Norway Hit By DDoS Cyber Attacks From Pro Russian Group

Norwegian national security agency warns pro-Russian group has targetted private and public institutions in Norway…

50 mins ago

Google Tells Staff They Can Relocate After Roe v Wade Ending

After US Supreme Court last week removed women's reproduction rights, Google tells staff they can…

2 hours ago

Taiwan Developing Own Digital Currency – Report

Central bank of Taiwan confirms it is still working on its digital currency, but has…

3 hours ago

Tesla Cuts 200 Autopilot Jobs, Closes San Mateo Office – Report

More restructuring at Tesla with hundreds of bob losses and California office closure, where staff…

5 hours ago

US FCC Commissioner Urges Apple, Google To Remove TikTok

Fresh worry for TikTok, after FCC Commissioner writes to Apple and Google about removing the…

5 hours ago

Airbnb Permanently Bans Parties, With Few Exceptions

Victory for irate neighbours? Airbnb confirms its temporary Covid ban on parties in its listings…

6 hours ago