Many of you will have heard that Sony has recently suffered a massive data security breach with its PlayStation Network. The Network is still down and the security of over 100 million users has been compromised.

The Sony PlayStation Network allows users to play video games over the internet with anyone else subscribed to the Network, whether based here or abroad.

Although the data security breach occurred on 20^th April, the extent of the breach is still unknown. Sony has announced that it intends to re-launch the Network by the end of May.

So, what are the consequences for the users and what can other businesses learn from this?

The personal information that users might have lost includes names, addresses, dates of birth, email addresses and even credit card details. PlayStation users could suffer identity fraud and their credit cards may have been compromised. Users have been advised to look out for unusual transactions on their statements and to be wary of handing over additional personal information to organisations that might, for example, be impersonating their bank or other trusted businesses.

Investigations are ongoing as to whether Sony is actually at fault or not. However, businesses should take note that in an era when the Information Commissioner in the UK can impose fines of up to £500,000 for breaches of data protection law, they should satisfy themselves that their use and storage of personal data is compliant with data protection law.

It is also important that businesses have data security management and data security breach policies as the Information Commissioner will be very keen to have sight of such policies should there be a data breach.

For further information on data security and data protection compliance, please contact a member of Withy King’s Technology & Media team.