UK ICO: We Make No Apologies for Fining Sony

The agency says the PlayStation Network breach could have been prevented

By on January 24th, 2013 12:13 GMT

Back in October 2012, a Southern District of California judge dismissed a class-action lawsuit filed against Sony as a result of the PlayStation Network hack. However, the UK’s Information Commissioner’s Office (ICO) has issued a considerable fine, accusing the company of failing to keep customer information secure.

Sony disagrees with the £250,000 ($395,000/€297,000) fine and says it will file an appeal. However, David Smith, deputy commissioner and director of data protection at the ICO, explains that the company deserves it.

“The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft,” Smith said.

“If there’s any bright side to this it’s that a PR Week poll shortly after the breach found the case had left 77 per cent of consumers more cautious about giving their personal details to other websites. Companies certainly need to get their act together but we all need to be careful about who we disclose our personal information to.”

Last year, the judge who dismissed the class-action lawsuit against Sony argued that the organization’s Privacy Policy clearly stated that there was no such thing as perfect security.

In addition, he noted that the breach was a case of “criminal intrusion,” in which the company was not involved in any way.

Now, Sony representatives highlight the fact that cyberattacks are “a real and growing aspect of 21st century life.”

However, the ICO’s own investigation found that the attack could have been prevented if software had been updated and proper security mechanisms had been set in place.

David Smith, ICO deputy commissioner and director of data protection, explains the reason for which Sony has been fined:

Comments