 |
|
| CURRENT SECTION :: News | UK's most visited IT Contractor Site - 250k unique visitors March 2008 |
|
 |
New meaning has been given to Nationwide’s ‘proud to be different’ mantra as it has become the first institution in the UK to be fined for lapses in data security. The country’s largest building society incurred a penalty of almost £1million for putting its 11million customers at a heightened risk from fraud. The penalty for failing to have ‘effective systems and controls’ in place to manage information security was issued yesterday by the Financial Services Authority. In a statement, the regulator said Nationwide’s willingness to settle at an early stage of the probe means it only has to pay £980,000 – not the initial fine of £1.4million. The FSA said the failings of the building society were exposed following the theft of a laptop from the home of one of the company’s employees. Although the computer was security protected and didn’t contain customers PINS or passwords, Nationwide failed to launch an investigation until three weeks after the theft. Critics say such a lacklustre approach, on top of an absence of adequate data security controls, threatens to blacken the name of the entire UK banking sector. But in a response yesterday, Nationwide said the incident was an anomaly, despite it ushering in new procedures to safeguard customers’ personal information. “We have extensive security procedures in place, but in this isolated incident our systems of control were found wanting,” said chief executive Philip Williamson. “We have made changes to fill the gap and improve our procedures further. To set people's minds at rest I wish to emphasise that there has been no loss of money from our customers' accounts as a result of this incident.” But despite acknowledging Nationwide has responded responsibly, to include a full review of all its security procedures, the FSA said it had breached customer trust. Margaret Cole, director of enforcement, said: “Nationwide's customers were entitled to rely upon it to take reasonable steps to make sure their personal information was secure. "Firms' internal controls are fundamental in ensuring customers' details remain as secure as they can be and, as technology evolves, firms must keep their systems and controls up-to-date to prevent lapses in security.” The message was echoed yesterday by the Deputy Assistant Information Commissioner, David Smith. He told Channel 4 News it was unfair to suggest the UK banking sector was “cavalier” in its approach to information security, based on one lapse at one building society. But he stressed that any organisation runs a “real risk” of exposing their customers to fraud, if it is “careless” with people’s personal information. Since the laptop was stolen, Nationwide has increased security around customer accounts, and reiterated its policy of reimbursement for any of its customers who fall victim to fraud. Feb 15, 2007 Email this article Printer friendly page Previous Page
|
|
   |
||||||||||||||||||||||||
| All content © Contractor UK Limited | http://www.contractoruk.com/lists/?p=subscribe&id=1[Register for News Letter] | [Privacy Statement] | [Terms of Use] | [Top of Page] |