Tuesday, May 3, 2011

The Sony Disaster

It just keeps getting worse and worse for Sony. Technology and Internet lawyers have been watching closely as the Sony data breach saga plays out.

For those not familiar, the Sony Playstation network was recently hacked. The invasion resulted in the capture of consumer data for over 70 million people. Most of this information consists of email addresses and screen names. Sony has not yet admitted that credit card data has been stolen. Sony's network maintains credit card data for over 10 million users who wish to obtain content from Sony's network - such as movies and game related products.

Email addresses and screen names may not seem like a big deal, but that kind of data can be used by nefarious operators to perpetrate internet and email scams - resulting in millions in consumer financial loss.

Apparently Sony just appointed a new data security czar to prevent this in the future. With respect to the law, this will keep happening over and over again until legislators impose greater financial penalties upon companies who are hacked. In other words, there has to be a greater financial incentive for companies like Sony to take preventative measures.

Why didn't Sony have a data integrity czar and associated lieutenants in the first place? Because they didn't have too. Under current law, Sony has no real liability as long as it timely alerts its customers of the breach.

No comments: