Sony's data loss didn't breach Privacy Act

Sony Computer Entertainment (SCE) Australia wasn't on the wrong side of the law when it experienced a massive data breach due to a cyber attack earlier this year, according to Australian Privacy Commissioner Timothy Pilgrim.

The commissioner had decided to investigate April's Sony PlayStation Network (PSN) breach, which saw hackers gain access to over 70 million customer records. SCE Australia told the Commissioner that each individual's name, address (city, state, postal code), country, email address, date of birth, online ID, PSN/Qriocity password and possibly credit card data could have been accessed during the attack.

Principles set out in the Privacy Act require organizations to take reasonable steps to protect personal information and ensure that they only use or disclose personal information for the purpose that it was collected.

Read more of "Sony's data loss didn't breach Privacy Act" at ZDNet Australia.