Categories: Security

ICO Slaps Insurers RSA With £150,000 Fine After Data Protection ‘Failure’

The Information Commissioner’s Office (ICO) has fined the Royal & Sun Alliance Insurance  (RSA) £150,000 following the loss of the personal information of nearly 60,000 customers.

The ICO slammed RSA for its “failure” to take “adequate precautions to protect customer information,” citing the lack of encryption, security and monitoring of its equipment.

The fine relates to the theft of a hard drive from RSA’s offices in West Sussex containing the personal information of 59,592 customers, including names, addresses and bank account details such as account numbers and sort codes.

Security failings

Twenty-thousand customers also had their credit card details stored on the device, although it is believed that CVC numbers and expiry dates were not affected,

According to the investigation carried out by ICO enforcement officers, the device was stolen by either a member of staff or a contractor and RSA did not have the appropriate security measures in places to protect the information from being accessed.

Steve Eckersley, ICO Head of Enforcement said: “Customers put their trust in companies to keep their information safe, particularly financial information. When we looked at this case we discovered an organisation that simply didn’t take adequate precautions to protect customer information. Its failure to do so has caused anxiety for its customers not to mention potential fraud issues.”

“There are simple steps companies should take when using this type of equipment including using encryption, making sure the device is secure and routine monitoring of equipment. RSA did not do any of this and that’s why we’ve issued this fine.”

The ICO has certainly not been shy to dish out financial penalties over the last few months. Back in October it fined TalkTalk a record £400,000 for the security failings which resulted in its now infamous data breach, before then fining two of the UK’s biggest charities for breaching data protection regulations.

And, in an ironic twist, the organisation confirmed last week that it also investigated itself
for failing to meet British data protection laws in a number of cases over the last four years.

Quiz: Are you a privacy expert?

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

19 mins ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

1 hour ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

2 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

4 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

7 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

7 hours ago