Outsourcing - What Not to Do

The recent case of Zurich Insurance receiving a £2.275 million fine for loss of personal data highlights the risks involved in managing data transfer, particularly between countries, when outsourcing IT services. The loss of almost 50,000 individuals' financial personal data occurred during a ‘routine transfer’ by a third party to a data storage centre in another country. Zurich did not become aware of the loss until a year later. The heavy fine by the FSA follows previous action by the ICO in March 2010 and has attracted huge media attention. As more institutions move towards an outsourcing model for information systems, safeguarding against data protection breaches during transfer is vital. Clearly outlining information security requirements in contracts with third parties and carrying out regular audits for compliance can limit the risks involved. For further information see http://www.scmagazineuk.com/zurich-insurances-fsa-fine-should-act-as-a-warning-on-the-importance-of-protecting-sensitive-information/article/177482/.

Posted on 03/09/2010