Decision could set precedent for other countries; UK ICO still investigating
Sony did not breach Australia’s Privacy Act during the PlayStation Network cyber attack, privacy commissioner Timothy Pilgrim has found.
Pilgrim’s report, released today, found “no evidence that Sony intentionally disclosed any personal information to a third party”.
He said he was satisfied that Sony Australia took reasonable steps to protect its customers’ personal information, by encrypting credit card information and ensuring appropriate security measures were in place.
The investigation, which is also being conducted by other countries around the world including the UK and US, came after concern Australians’ personal information may have been compromised.
Hackers are alleged to have stolen around 77 million customers’ personal information including passwords, names, addresses and credit card details possibly stolen.
Pilgrim added that despite his findings he “would liked to have seen Sony act more swiftly to let its customers know about this incident” but is “pleased” with their response by increasing security measures on the PSN.
Countries around the world such as the UK and US are currently investigating the hacking scandal to see if Sony had sufficiently protected its customers’ information and these findings may set a precedent of what to expect.
The PSN cyber attack occurred between the 17th and 19th of April and the network was out of full service for 43 days.
Despite the hacking scandal, Sony CEO Howard Stringer recently said the PSN has recovered well and following its welcome back package, and the network has grown by more than three million users since April.
Today the UK Information Commissioner’s Office told Develop it is still investigating the PSN breach.
The regulatory group is trying to ascertain whether Sony was complacent in protecting its customers’ data.
A report of the ICO findings will be published before 2012, an ICO spokesperson said.