Royal Sun Alliance Hard Drive goes Missing and ICO imposes fine

Updated: Apr 13


The source for this article was the ICO website, and it was dated June 2017 (prior to GDPR coming into effect).

The ICO has fined Royal and Sun Alliance Insurance PLC (RSA) £150,000 following the loss of the PII data of almost 60,000 clients.

An ICO investigation found that a hard drive had been stolen containing 59,592 clients’ names, locations and financial balance details including account numbers and sort codes. The drive also held credit card details of 20,000 clients, although CVC numbers and expiry dates were not compromised.

ICO authorization officials found that RSA did not have suitable measures in place to prevent the theft from its premises in West Sussex. The drive was stolen from company premises by either a member of staff or a contractor, the data on it was not encrypted, and the device has never been recovered.


Steve Eckersley, ICO Head of Enforcement, stated: “Customers put their trust in companies to keep their information safe, particularly financial information.

“When we looked at this case we discovered an organisation that simply didn’t take adequate precautions to protect customer information. Its failure to do so has caused anxiety for its customers not to mention potential fraud issues.”


Mr Eckersley added:

“There are simple steps companies should take when using this type of equipment including using encryption, making sure the device is secure and routine monitoring of equipment. RSA did not do any of this and that’s why we’ve issued this fine.”

© 2018 - 2020 GDPR Community Ltd