On 24 January 2013, the UK Information Commissioner’s Office (ICO) served Sony Computer Entertainment Europe Limited (“Sony”) with a monetary penalty of £250,000 following a serious breach of data security (the“Act”). The penalty comes following the well-publicised security breach which afflicted the Sony Play Station Network Platform. This platform is the online element of Sony’s PlayStation mobile gaming products and gaming console, allowing customers to chat and play against each other online as well as purchase games and rent films with credit cards. It was hacked in a targeted and concerted denial of service attack in 2011.
The UK’s Power to Fine -
The UK (in common with other EU member states) has implemented the European data protection directive as the cornerstone of its data protection law. A key element of that law is the requirement (principle 7 of the UK Data Protection Act 1998 or Article 17 of the EU directive 95/46) that all personal data is kept secure (the standard is using “appropriate technical and organisational measures”) by the entity controlling that data. Until relatively recently, in the UK at least, transgression of this requirement would have been enforced by service of a notice requiring changes in the organisation (an “enforcement notice”).
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.
Topics: Compliance, Data Breach, Data Protection, European Commission, ICO, Penalties, Play Station, Sony, UK Data Protection Act, Video Games
Published In: General Business Updates, Consumer Protection Updates, International Trade Updates, Privacy Updates, Science, Computers & Technology Updates