By Paul Lewis
BBC Radio 4's Money Box
The customers, not the directors, of Britain's biggest building society will pay a £980,000 fine for lapses in data security.
The stolen laptop contained confidential customer information
Nationwide was fined on Wednesday after a laptop was stolen from an employee's home in August.
It took three weeks before the society realised the extent and sensitivity of the customer details on the computer.
But Nationwide has told the BBC that it "would not be fair" if the directors paid the fine.
As a building society, Nationwide is owned by its members - the 11m customers - so any penalty, in effect, comes from their money.
Many are not happy that they will have to pay the penalty for their data being compromised.
Jill called BBC Radio 4's Money Box programme to say: "Because it's a mutual society, any fine will have to be picked up by the members, because there are no shareholders.
"It's a double whammy. It's bad enough to think your details may have been spread across the globe unnecessarily. But to be told as a member of a mutual society you are going to be fined, that seems a little unfortunate."
If the fine is divided equally among all Nationwide's members, the cost amounts to about 8p each.
A Nationwide spokesman said because the society had £135bn in assets and reserves, the fine should easily be absorbed and that mortgage or savings rates would not change as a direct result of having to pay it.
Other members have suggested that the five directors should pay the fine.
Between them they earned more than £4m in 2005/06, about half of which was in performance-related bonuses.
The Financial Services Authority said it did not have the power to fine directors directly over this breach of its principles.
And Nationwide told the BBC that it would "not be fair" if directors paid after they had helped build Nationwide into the large and successful society it is today.
Other members are angry that Nationwide still refuses to confirm whose data was on the laptop that went missing or what information was involved.
In December it wrote to all 11m customers to tell them that the stolen computer did not contain PINs, passwords, balances or memorable data.
But it will not deny that names, addresses, account numbers, e-mails, dates of birth and telephone numbers were on it.
The size of the fine - one the biggest in the history of the FSA and the first on a building society - indicates how seriously the regulator viewed the loss.
The Information Commissioner, the body which protects our data, let the FSA take the lead in the investigation of what was almost certainly a breach of the Data Protection rules.
Assistant Commissioner Phil Jones told Money Box: "It sends a very important wake-up call particularly to banks and others in the financial sector and to all organisations that hold personal information."
But he warned that customers could not use the Data Protection Act to find out what data of theirs was on the laptop.
"The obligation is to tell you what information they hold," he said, "but you and I don't have rights to require someone to tell us what data is held in what particular kit in what particular place.
"The Data Protection Act does not require them to go into that sort of details."
However, he confirmed the decision was up to Nationwide: "There is nothing in the Data Protection Act that would stop them passing that information on to customers who asked them."
BBC Radio 4's Money Box was broadcast on Saturday, 17 February 2007 at 1204 GMT.
The programme was repeated on Sunday, 18 February at 2102 GMT.