According to a declaration made by the Australian Privacy Commissioner, despite Sony’s delayed response in informing consumer’s of April’s PlayStation Network security breach, it has been determined that the company has not breached the nation’s Privacy Act.
According to a media release posted by the Office of the Australian Information Commissioner, the Australian Privacy Commissioner Timothy Pilgrim found that Sony Computer Entertainment Australia did not breach the Privacy Act in its response to the major PSN security breach.
Mr Pilgrim’s investigation found that Sony had complied with the National Privacy Principles in the Privacy Act. As a result, it was decided that Sony took “reasonable steps to protect personal information, and limit the circumstances in which organisations can use and disclose personal information.”
“I found no evidence that Sony intentionally disclosed any personal information to a third party. Rather, its Network Platform was hacked into. I also found that Sony took reasonable steps to protect its customers’ personal information, including encrypting credit card information and ensuring that appropriate physical, network and communication security measures were in place,” Mr Pilgrim said.
In response to the delay between Sony learning the Network was under attack and alerting affected users, for which the company has copped immense criticism, Mr Pilgrim stated that he “would have liked to have seen Sony act more swiftly to let its customers know about this incident”, but that he was “pleased that in response to this incident, Sony has now implemented extra security measures to strengthen protections around the Network Platform.”