UK Data Protection Regulator ICO Flexes Power to Impose Fine - Sony Fined for Data Breach


Introduction -

On 24 January 2013, the UK Information Commissioner’s Office (ICO) served Sony Computer Entertainment Europe Limited (“Sony”) with a monetary penalty of £250,000 following a serious breach of data security (the“Act”). The penalty comes following the well-publicised security breach which afflicted the Sony Play Station Network Platform. This platform is the online element of Sony’s PlayStation mobile gaming products and gaming console, allowing customers to chat and play against each other online as well as purchase games and rent films with credit cards. It was hacked in a targeted and concerted denial of service attack in 2011.

The UK’s Power to Fine -

The UK (in common with other EU member states) has implemented the European data protection directive as the cornerstone of its data protection law. A key element of that law is the requirement (principle 7 of the UK Data Protection Act 1998 or Article 17 of the EU directive 95/46) that all personal data is kept secure (the standard is using “appropriate technical and organisational measures”) by the entity controlling that data. Until relatively recently, in the UK at least, transgression of this requirement would have been enforced by service of a notice requiring changes in the organisation (an “enforcement notice”).

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dechert LLP | Attorney Advertising

Written by:


Dechert LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.