Confession is good for the soul, but bad for the reputation

Those accused of a crime who plead guilty can expect a reduced sentence. Likewise, companies admitting to a data security breach or data loss get a reduced fine. In the case of Zurich Insurance, settling a Financial Services Authority investigation early took 30 per cent off the potential fine, saving itself nearly £1 million.

What this latest case of insecure handling of personal data throws into sharp relief is the issue of deterrence versus incentive. The level of FSA fine in this case was eye-watering enough at £2.275 million or nearly £50 for every record involved. Given the relatively low margins on general insurance products, that could be enough to turn every one of the accounts involved loss-making.

Those customers would argue that they have been put at risk by the insurer – ironically, given the nature of the product involved – and the consequences could have been much more severe. Fifty pounds is what ten credit card records might fetch on the black market, with a fraudster likely to net thousands of pounds if this data were to have been found and put to improper use.

So is the scale of the penalty enough to encourage others to review their data security and processes? Gaps in these are what let Zurich down, with the year during which it remained unaware of the data loss probably the most telling aspect of this incident. How many other major data controllers in the financial services sector could themselves be in breach of FSA rules on data without knowing about it?

With the Information Commissioner yet to use his enhanced powers against anybody, data users across all sectors might be driven by fear of fines to tighten up their own processes. After all, that is the point of regulation and enforcement. The ICO has shown a softer side by talking up the need to report breaches and losses early to mitigate penalties later – like a priest giving an easier penance for a quick confession.

The question is whether companies will see these discounts as an incentive to admit problems. Or will the reputational damage that arises from the publicity in such cases be a bigger concern? After all, as long as the brand remains an asset on the balance sheet and the database does not, it is clear which will be handled with the most care.

Latest from Marketing Week

PLEASE SIGN IN OR REGISTER. IT'S FREE, QUICK AND EASY!

Access Marketing Week’s wealth of insight, analysis and inspiration that will help you develop as a marketer and leader.

Register and receive the best content from the only title 100% dedicated to serving marketers' needs.

We’ll ask you just a few questions about what you do and where you work, so we can make Marketing Week more relevant to you.

Register now

THE BEST CONTENT

Our award winning editorial team and columnists will ask the biggest questions about the biggest issues on everything from strategy through to execution to help you navigate the fast moving modern marketing landscape.

THE BIGGEST ISSUES

From the opportunities and challenges of emerging technology to the need for greater effectiveness, from the challenge of measurement to building a marketing team fit for the future, we will be your guide.

PERSONAL AND PROFESSIONAL DEVELOPMENT

Information, inspiration and advice from the marketing world and beyond that will help you develop as a marketer and as a leader.

Dedicated to developing your skills and helping you achieve marketing excellence. Find guidance on leadership, professional development and the latest industry jobs.

Having problems?

Contact us on +44 (0)20 7292 3711 or email subscriptions@marketingweek.com

If you are looking for our Jobs site, please click here