ICO Investigates Sony for Security Breach – Data Controllers Should Review Procedures to Avoid Investigations, Fines

Data Controllers Should Review Procedures to Avoid Investigations, Fines

May 5, 2011

The UK Information Commissioner’s Office (ICO) has confirmed it is investigating Sony due to the recent security breach that resulted in the loss of millions of PlayStation Network users’ personal data. The ICO will determine if action is needed on behalf of Sony’s 3 million registered UK users, and if Sony is found guilty of breaching the Data Protection Act, it may be fined up to £500,000.

This is a warning for data controllers to examine their procedures, and to lessen some of the risks of failing to delete and dispose of personal data where the purpose for holding it has expired. An ICO spokesperson said, “The ICO takes data protection breaches extremely seriously. Any business or organisation that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure.”

McGuireWoods Global Data Security Team

Counseling regarding data protection, including global data breach and privacy issues, is one of the services of McGuireWoods’ interdisciplinary Technology & Outsourcing practice, which provides legal services for business transactions driven by technology. Foremost among our diverse services are IT procurement, outsourcings, e-commerce transactions, data security, and dispute prevention and resolution. Our clients include Fortune 100 corporations, governmental entities, nonprofit organizations, and emerging business enterprises spanning the industry spectrum.