Turns Out Sony Didn't Break the Law When Somebody Else Hacked Them

The law can be a strange beast sometimes. Take Sony and Australia, for example: earlier this year, when the PlayStation Network was hacked into, an investigation was launched targeting Sony, to see whether the company had broken Australian law.

Australia's Privacy Act mandates that all bodies holding confidential information must take "reasonable steps" to ensure that information is stored in a safe and secure location. So when 1,560,791 Australian PSN accounts were hacked into as part of the April attacks, the country's Privacy Commission were forced to act.

That investigation wound up today, Privacy Commissioner Timothy Pilgrim announcing that Sony had been found to be in total compliance with the act, saying "Sony took reasonable steps to protect its customers' personal information, including encrypting credit card information and ensuring that appropriate physical, network and communication security measures were in place".

As a technicality (I hope it's just that and this wasn't a serious investigation, seeing as it would have been my taxpayer money funding it), Pilgrim could also reveal that the Commission had found "no evidence that Sony intentionally disclosed any personal information to a third party".

"Rather, its Network Platform was hacked into."

Phew. Glad we got that cleared up.

Sony did not breach Australian privacy law, says Privacy Commissioner Timothy Pilgrim [The Australian]


You can contact Luke Plunkett, the author of this post, at plunkett@kotaku.com. You can also find him on Twitter, Facebook, and lurking around our #tips page.