Sony Face £500k Fine and US Senator Over PSN Hacking AND Sued – Update

The prolonged difficulties with Sony’s PlayStation Network has been headline news across the world and all forms of media over the past week. However, their woes are currently set to increase on both sides of the Atlantic. In the UK, if they have held any customer data in any dataservers in Great Britain. Sony have made clear that they are outside of blame or litigation should any problems occur with the PSN, which is outlined in their Terms and Conditions. This clause may not be enough to cover them from a hefty £500k fine.

For any data stored in the UK, that data is governed by all UK law and must therefore comply with the Data Protection Act (DPA), after speaking with Edge, the Information Commissioners Office (ICO) have stated:

“While we are unable to say where the data is being stored at present, if it was in the UK, this clause would not free them from their obligations under the UK Data Protection Act. If we found a breach, one of the actions we could take would be to issue an undertaking, which is an agreement between the ICO and the company that if they are handling personal information they have to bring about set improvements in order for them to be compliant with the act. If the company is not compliant with the act within a certain time limit, further action would be taken and we might consider an enforcement notice or issue a monetary penalty.

For serious breaches of the act, we can issue a monetary penalty up to £500,000.”

Now whilst this figure pales in comparison to the fines the EU have placed on Microsoft in the past, it’s still a damaging issue for Sony who has suffered poor press over the illegal intrusion into their network.

In addition to this, Senator Richard Blumenthal in the USA has written to Sony Computer Entertainment outlining his concerns and frustrations at how the company has handled this problem. In a seemingly scathing letter to the company, he has stated:

Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

His full letter is available on his website, available here. Whilst Blumenthal’s concerns have no impact on the UK operation of Sony, it’s yes another reaction to this ongoing situation.

Update
In addition to all of the above, it’s now come to light that Sony in the USA are now being sued by a user of the PlayStation Network for failure to protect his details. In addition to his own suit, he’s planning on doing this as a class action suit. In the USA, a group of individuals may sue a person or company with a single solicitor or “lawyer” for the same case, normally for a fairly significant sum. The complaint logged in San Francisco states:

Consumers and merchants have been exposed to what is one of the largest compromise of Internet security and the greatest potential for credit-card fraud to ever occur in United States history,

Naturally the claimant has forgotten that there are more PlayStations in Europe than in the USA. Regardless, the suit has now been filed an Plaintiff Kristopher Johns, of Birmingham, Alabama, seeks to represent all affected users in a class-action suit.

He asked for reimbursement for losses from credit-card data theft, payment for credit monitoring for all plaintiffs, refunds for defective services and PlayStations and unspecified punitive damages.

For those who wish to follow this case, it’s Johns v. Sony Computer Entertainment America LLC, 11-02063, U.S. District Court, Northern District of California (San Francisco).

Source: Edge and GI.biz and Business Week