Data Controllers Should Review Procedures to Avoid Investigations, Fines
May 5, 2011
The UK Information Commissioner’s Office (ICO) has confirmed it is
investigating Sony due to the recent security breach that resulted in the loss
of millions of PlayStation Network users’ personal data. The ICO will determine
if action is needed on behalf of Sony’s 3 million registered UK users, and if
Sony is found guilty of breaching the Data Protection Act, it may be fined up to
£500,000.
This is a warning for data controllers to examine their procedures, and to
lessen some of the risks of failing to delete and dispose of personal data where
the purpose for holding it has expired. An ICO spokesperson said, “The ICO takes
data protection breaches extremely seriously. Any business or organisation that
is processing personal information in the UK must ensure they comply with the
law, including the need to keep data secure.”
McGuireWoods Global Data Security Team
Counseling regarding data protection, including global data breach and
privacy issues, is one of the services of McGuireWoods'
interdisciplinary
Technology & Outsourcing practice,
which provides legal services for business transactions driven by
technology. Foremost among our diverse services are IT procurement,
outsourcings, e-commerce transactions, data security, and dispute
prevention and resolution. Our clients include Fortune 100 corporations,
governmental entities, nonprofit organizations, and emerging business
enterprises spanning the industry spectrum.