The theft of a laptop containing details of an unknown number of Nationwide building society customers has sparked calls from a consumer watchdog for a new law to force companies to notify customers of data breaches.
The National Consumer Council made the call as it emerged that Nationwide is writing to its 11 million customers with security advice following the theft of the company laptop from an employee’s house in August.
The NCC is concerned that the building society waited three months before notifying customers of the data breach. A spokesperson said, “If this had been announced at the time, customers would have been in a better position to take action and change passwords and Pins.”
She added, “In the UK there’s no obligation on companies to inform customers if there’s a breach of their personal data.
“In the US, 24 out of 50 states have now signed up to breach notification laws, which mean companies must put out a public statement, alerting the public that their customers’ data may have been compromised. We’re calling for the UK to implement a similar law here.”
Nationwide has refused to confirm how many customers’ details were on the laptop, whether the data was encrypted or whether names and account numbers were included, citing police advice.
A spokesperson said the password-protected machine held customer data set to be used for market research. The information did not include customers’ passwords, Pins or account balance information and could not be used on its own to commit identity fraud.
Comment on this article: [email protected]