NATIONWIDE

NATIONWIDE

Nationwide The Nationwide Building Society has been fined Ł980,000 by the City watchdog over security breaches. The fine follows the theft of a laptop from a Nationwide employee's home which contained confidential customer data. The Financial Services Authority (FSA) found security was not up to scratch after the man had put details of nearly 11 million customers on his computer. The FSA also found that the Nationwide did not start an investigation until three weeks after the theft occurred. The FSA will not reveal exactly what was on the laptop as it has still not been recovered.

The Nationwide claimed that the information on it could not have been used for identity fraud as there were no PIN numbers, passwords or account balance information on it. However, it appears the laptop may have contained names, addresses and account numbers. As a result, the building society's customers had been exposed to the risk of financial crime. The FSA's investigation showed that the building society had not known that the laptop contained any confidential customer information at all. The laptop was stolen from the home of a long-standing and trusted employee of the Nationwide who needed access to the data.

However, despite reporting the theft of the laptop promptly, he did not tell his employer what was on it and then went on holiday abroad. It was only three weeks later that he told the building society that customer information had been lost, prompting its investigation. The Nationwide then wrote to all its customers apologising for the security breach. Its chief executive, Philip Williamson, said, "I wish to emphasise that there has been no loss of money from our customers' accounts as a result of this incident." (Source: BBC News, Feb/07)

The customers, not the directors, of Nationwide will pay a Ł980,000 fine for lapses in data security. It said it "would not be fair" if the directors paid the fine. As a building society Nationwide is owned by its members, the 11million customers, so any penalty in effect comes from their money. Many are not happy that they will have to pay the penalty for their data being compromised. A Nationwide spokesman said because the society has Ł135bn in assets and reserves the fine should easily be absorbed and that mortgage or savings rates would not change as a direct result of having to pay it.

Other members have suggested that the five directors should pay the fine. Between them they earned more than Ł4m in 2005/06, about half of which was in performance-related bonuses. The Financial Services Authority said it did not have the power to fine directors directly over this breach of its principles. Other members are angry that Nationwide still refuses to confirm whose data was on the laptop that went missing or what information was involved. The Information Commissioner, the body which protects our data, let the FSA take the lead in the investigation of what was almost certainly a breach of the Data Protection rules.

Assistant Commissioner Phil Jones said that customers could not use the Data Protection Act to find out what data of theirs was on the laptop. "The obligation is to tell you what information they hold," he said, "but you and I don't have rights to require someone to tell us what data is held in what particular kit in what particular place. The Data Protection Act does not require them to go into that sort of details. However, there is nothing in the Data Protection Act that would stop them passing that information on to customers who asked them." (Source: BBC News, Feb/07)