The fine relates to an incident in 2011 when the personal information of users on the Sony PlayStation Network Platform was compromised after hackers attacked the network. An ICO investigation found that Sony had failed to ensure that the Network Platform had kept up to date with technological developments and therefore the information was vulnerable to the attack.
The ICO acknowledged that the fine was a large one, with the Deputy Commissioner and Director of Data Protection stating that:
“the penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft.”
Sony have completely rebuilt the platform since the incident and have issued a statement saying that the strongly disagree with the ruling and will be launching an appeal.
The fine is of interest as it highlights how seriously the ICO are taking data protection breaches. Interestingly, they found Sony in breach despite acknowledging that this was a direct result of “a determined criminal attack”.
Data protection compliance is a serious issue and one which all businesses need to consider. If you need advice on this or other online compliancy issues please do not hesitate to call our Commercial Team at Hanne & Co on 0207 228 0017 or email email@example.com
Click here for further information from the ICOs website.