Sony given official reprieve over hack

Powered by SC Magazine

Privacy Commissioner to take no further action.

Australia's Privacy Commissioner has cleared Sony of wrongdoing after finding the company's security was up to scratch when its PlayStation service was hacked in April.

Commissioner Timothy Pilgrim asked Sony for details of its security architecture to ascertain whether the hack of Sony had broken local laws, despite its infrastructure being located outside of Australia.

Some 77 million user records were compromised during the two day outage, including some 1.6 million Australian accounts.

The investigation concluded there was sufficient infrastructure in place to protect the records and cleared Sony of wrongdoing.

The finding relied on information provided by Sony Computer Entertainment Australia to the Office of the Australian Information Commissioner (OAIC), according to a source close to the matter.

Sony would have breached the Australian Privacy Act if it had inappropriately disclosed customer information to a third party, or did not adequately protect data, the OAIC said.

“The evidence showed that no personal information was disclosed to unauthorised parties; rather the information was accessed as a result of a sophisticated security cyber-attack against the network platform,” the investigation's report said.

The report assessed the hacked security infrastructure against two National Privacy Principles.

The first, 2.1, stated that personal information could only be used or disclosed “for the primary purpose for which it was collected”.

The second, 4.1, stated that organisations must “take reasonable steps” to protect personal information from “misuse and loss and from unauthorised access, modification or disclosure”.

Australia's privacy guidelines do not contain deadlines for companies to inform customers when their information had been compromised, though the office found Sony's week-long wait before it informed customers was too long.

Pilgrim said Sony's Australian chapters should have quickly notified local customers of the hack instead of waiting for the delayed notification from Europe.

“This delay may have increased the risk of a misuse of the individuals' personal information,” he said.

“The Privacy Commissioner strongly recommended that Sony review how it applies the OAIC's guide to handling personal information security breaches.”

Copyright © SC Magazine, Australia

Sony given official reprieve over hack
Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.