Regulation with teeth - now all we need is full disclosure
By silicon.com
Published: 14 February 2007 16:55 GMT
When it comes to regulatory fines, especially those issued to companies for information abuse, one often feels disappointed. Time and time again, it seems, the policing fails to pack much of a punch.
Not today. It is easy to dismiss £1m as 'pocket change' in this era of mega-bonuses, lottery fortunes and soaring corporate profits. But you can bet that those that run the Nationwide won't see it that way.
Last year, an unencrypted laptop was stolen from the building society during a burglary at an employee's house. Nationwide then waited three weeks to start an investigation into the theft.
All this didn't bode well for the security of customers' details. The Information Commissioner was informed and the Financial Services Authority (FSA) investigated.
Some 11 million UK Nationwide customers - including several members of the silicon.com team - were sent letters about ways and means for better security.
Then today the FSA handed down a £980,000 fine, reduced from a potential £1.4m.
The level of publicity such a high fine will attract will probably hurt Nationwide more than the financial hit. But there are two other points to note here.
Firstly, as a mutual building society, it could be argued the fine hits members a second time - when interest rates go up or down (on borrowings or savings) by, say, a thousandth of a percentage point because of the cost incurred. Though that's a stretch and hard to quantify, even if true.
Secondly, it shows the UK should have full disclosure laws, as seen in California for example. While Nationwide has cooperated with the FSA, others may wait until they're backed into a corner to reveal details of any breaches. When an organisation suffers a breech and knows about it, it should be obliged to come forward. Let your customers, staff and shareholders know what the risks are - that's the message.
Last year this publication fought long and hard to name the e-tailer that had divulged credit card details of shoppers, meaning credit card companies had to reissue thousands of cards.
But the company in question held tight. It called our bluff.
Wouldn't it look worse if the truth were now to come to light?
Work individually and with other incident response team members as necessary to assess, report and recover from incidents Assess technology ...
You will ensure that the Compliance Programme is executed in a timely manner, that adequate reporting and escalation of issues takes place and that ...
Essential skills & experience: * CISSP or similar security certification, * 3+ years experience as a System Engineer with expert knowledge of two or ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Nick Beecham and Belinda Doshi
Offshoring stymied by new VAT rules?
Financial services firms must prepare now for 2010 legal changes
Tim Ferguson
On a new Voyager, tackling fraud and the intellectual challenge
Interview: Nationwide IT director, Peter Stafford
Nick Heath
David Lister on smart grids and why he left RBS
Interview: National Grid CIO
Andy Jones
Why banks will push ahead with offshoring
Comment: Even if they don't want to
Catherine Stagg-Macey
Legacy IT holding back insurers
Comment: Economic crisis means finance giants must step lively
Julian Goldsmith
The City fund manager with no IT department
Q&A: How asset management is embracing the cloud...