James Delahunty
5 Oct 2011 18:11
Sony did not breach country's Privacy Act, according to office of the Australian Privacy Commissioner.
The PlayStation-maker should have moved quicker to notify Australian users of its PlayStation Network (PSN) services following a widely-publicized hack in April that exposed personal information of millions of gamers, but it did not technically break the law.
The announcement follows an investigation that was launched shortly after the incident, with the Privacy Commissioner questioning whether Sony Australia violated the Privacy Act, which regulates how firms transfer customer information to third parties.
The leak was the "result of a sophisticated security cyber attack on the Network Platform's systems," the Commissioner's Office said, determining that Sony Australia was not guilty of violating the law. Additionally, Sony Australia held no personal information relating to the incident, as it was stored in a data center in San Diego.
The Commissioner's Office did criticize the seven day delay between the firm becoming aware of the incident, and when it reported it to customers.
"Given his concerns over the period that elapsed before Sony notified its customers, the Privacy Commissioner strongly recommended that Sony review how it applies the OIAC's Guide to handling personal information security breaches," it said.