The Nationwide Building Society was fined £980k by the FSA for failing to have effective systems and controls to manage its information security risks. The fine was imposed in February following the theft of a laptop from a Nationwide employee’s home in 2006. The FSA discovered that Nationwide was not aware that the laptop contained confidential customer information and did not start an investigation until three weeks after the theft.
The FSA considered that the building society did not have adequate information security procedures and controls in place, exposing its 11m customers to increased risk of financial crime. The fine sends out a clear warning to firms about the importance of having adequate internal systems and controls in place to secure information.