Data loss risks licence loss

Australian insurers losing client data come under scrutiny from both the prudential and corporate regulators, and risk losing their licences, insuranceNEWS.com.au has found.

Last week the UK Financial Services Authority fined Zurich Insurance UK £2.275 million ($3.97 million) for losing the personal details of 46,000 general insurance customers [see INTERNATIONAL].

But an Australian insurer in the same situation would lose more than money, because the loss of client data would breach its financial services licence conditions.

The company would be in breach of Section 912A of the Corporations Act 2001, which requires the licensee to “provide financial services covered by the licence and to carry out supervisory arrangement”.

Under the Act, the licensee is also required to have adequate risk management systems to cover situations such as the loss of data.

If client data was lost, the insurer would also be in breach of the Insurance Contracts Act 1984, which would require it to notify clients of any changes to their cover.

Earlier this year the Australian Prudential Regulation Authority (APRA) issued a “prudent practice” guide on the management of information, which addressed areas such as effective monitoring processes and robust security reporting. 

It said APRA envisages that a regulated institution “would establish a clear allocation of responsibility for regular monitoring, with appropriate processes and tools in place to manage the volume of monitoring required, thereby reducing the risk of an incident going undetected”. 

Industry sources told insuranceNEWS.com.au that APRA and the Australian Securities and Investments Commission would work closely together on any data breaches, and that there are protocols to keep each regulatory authority informed of incidents as they occur.