I was forwarded an article today from the BBC news website – Zurich Insurance fined £2.3m over customers’ data loss . It’s a fairly standard article about a financial institution being fined for losing customer data.
What really struck me though was a comment in the article from the FSA – “Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made…“. That’s true. But what concerns me is the real focus on fincos with this stuff. There are so many other companies now holding our private data – and in many cases they are holding more than the financial institutions do.
Shouldn’t we be maturing this argument now to extend beyond financial institutions? There should a duty of care for any company holding my data. Financials can lead the way – but we need to hold other companies accountable as well.