The theft of a laptop containing details of an unknown
number of Nationwide building society customers has sparked calls
from a consumer watchdog for a new law to force companies to notify
customers of data breaches.
The National Consumer Council made the call as it emerged that
Nationwide is writing to its 11 million customers with security
advice following the theft of the company laptop from an employee’s
house in August.
The NCC is concerned that the building society waited three
months before notifying customers of the data breach. A
spokesperson said, “If this had been announced at the time,
customers would have been in a better position to take action and
change passwords and Pins.”
She added, “In the UK there’s no obligation on companies to
inform customers if there’s a breach of their personal data.
“In the US, 24 out of 50 states have now signed up to breach
notification laws, which mean companies must put out a public
statement, alerting the public that their customers’ data may have
been compromised. We’re calling for the UK to implement a similar
law here.”
Nationwide has refused to confirm how many customers’ details
were on the laptop, whether the data was encrypted or whether names
and account numbers were included, citing police advice.
A spokesperson said the password-protected machine held customer
data set to be used for market research. The information did not
include customers’ passwords, Pins or account balance information
and could not be used on its own to commit identity fraud.
Comment on this article:
computer.weekly@rbi.co.uk