The Data Protection Agency has filed a complaint against Sony Facua by 'hacking' the online service of the PlayStation. The agency could not prove that you can apply the Law of Protection of Information (Act) Spanish to incidents involving the company and its impact to users.
In late April 2011, Sony announced that the company closed its network of online gaming worldwide for "maintenance problems". However, later acknowledged that the global moratorium was due to infiltration of a group hacker could have compromised the security of the data of millions of passwords, purchase history, billing addresses and even credit card data .
For these reasons, in Spain FACUA-Consumers in Action denounced the Data Protection Agency (AEPD) to Sony, saying the company was responsible for "security hole in its network of online games on the PlayStation Network was a cracker accessed confidential data. "
The Spanish subsidiary of Sony claimed during the inspections of the AEPD that the incident occurred on the premises of San Diego, and Sony Spain tended not responsible or liable, because "there had not tried to access data from service users, and their business scope is limited to the sale of consoles from Sony and video game developed by companies contracted by Sony. "
Moreover, while 334,453 users had provided credit card details to Sony, the company said that these data were specifically protected, and passwords of users, which were stored encrypted using an algorithm.
NOT CLEARED THAT MAY APPLY THE LOPD
Accepting the explanations of the company, from the AEPD, have decided to close the case, in a ruling issued in April July, when not accredited that can be applied to the Spanish Data Protection Act incidents involving company Sony.
According to the law firm specialized data www.salirdeinternet.com data protection "to apply the Data Protection Act, the penalty could have been put SONY, would reach € 300,000."
In this sense, according to these experts, the AEPD "has not had an easy, neither the ICO (British Authority data protection equivalent to the AEPD) or Sony Computer Entertainment Europe have responded to requests for information during the proceedings of research. "
On the other hand, Sony Spain explained to Data Protection took the following measures to minimize the problem: speed data transfer models, which was previously planned, a new processing center with increased security measures, implementation of automated software control and configuration management, improvements in levels of protection and data encryption, improvements in the detection of intrusions, unauthorized acessos and abnormal patterns of activity, addition of new electronic walls, and the creation of the position of Chief of Security Information, reporting directly to the Chief of Security of Sony Corporation, among others.
