Hackers Steal Private Data of 77 Million PlayStation Network Users from Sony Servers

As widely reported by most major news outlets, online hackers recently compromised Sony's PlayStation Network, prompting Sony to shut down the PlayStation Network. Sony later admitted that before the PlayStation Network was shut down, "external intruder(s)" were able to access names, addresses, passwords, and possibly financial data, including credit card information for up to 77 million PlayStation Network users.

Sony Didn’t Act In Accordance With Its Privacy Policy

What is of most concern is that it took Sony almost a week to inform users of the breach in security, and Sony's failure to take reasonable steps to adequately protect personal information is sure to result in not only lawsuits, but also in regulatory penalties. Sony's Privacy Policy specifically notes, "While SCA cannot guarantee that unauthorized access will never occur, rest assured that SCA takes great care in maintaining the security of your personal information and in preventing unauthorized access to it through the use of appropriate technology and internal procedures."

Privacy Policies Should Match A Company’s Actual Operations

Failure by Sony to encrypt all of its customer's personal information could be seen as violating its own Privacy Policy. It is important for companies to draft Privacy Policies that accurately reflect its actual practices. This is often where companies run into problems and open themselves up to liability. When a company fails to strictly follow its posted Privacy Policy in its day-to-day operations, its actions may be seen as deceptive trade practices leading to enforcement actions.

Thus, it is important to avoid simply borrowing language from another's Privacy Policy or a standard template. Rather, a company should disclose their actual collection and maintenance practices in a clear and concise manner.

About the Internet and eCommerce law firm:

Klemchuk LLP is an Intellectual Property (IP), Technology, Internet, and Business law firm.  The firm offers comprehensive legal services including litigation and enforcement of all forms of IP as well as registration and licensing of patents, trademarks, trade dress, and copyrights.  The firm also provides a wide range of technology, Internet, e-commerce, and business services including business planning, formation, and financing, mergers and acquisitions, business litigation, data privacy, and domain name dispute resolution. 

Klemchuk LLP hosts Culture Counts, a blog devoted to the discussion of law firm culture and corporate core values with frequent topics about positive work environment, conscious capitalism, entrepreneurial management, positive workplace culture, workplace productivity, and corporate core values.