UK Data Protection Regulator ICO Flexes Power to Impose Fine - Sony Fined for Data Breach


Introduction -

On 24 January 2013, the UK Information Commissioner’s Office (ICO) served Sony Computer Entertainment Europe Limited (“Sony”) with a monetary penalty of £250,000 following a serious breach of data security (the“Act”). The penalty comes following the well-publicised security breach which afflicted the Sony Play Station Network Platform. This platform is the online element of Sony’s PlayStation mobile gaming products and gaming console, allowing customers to chat and play against each other online as well as purchase games and rent films with credit cards. It was hacked in a targeted and concerted denial of service attack in 2011.

The UK’s Power to Fine -

The UK (in common with other EU member states) has implemented the European data protection directive as the cornerstone of its data protection law. A key element of that law is the requirement (principle 7 of the UK Data Protection Act 1998 or Article 17 of the EU directive 95/46) that all personal data is kept secure (the standard is using “appropriate technical and organisational measures”) by the entity controlling that data. Until relatively recently, in the UK at least, transgression of this requirement would have been enforced by service of a notice requiring changes in the organisation (an “enforcement notice”).

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.