Data watchdog needs to give business clear guidelines on data security & compliance, says Pinsent Masons

24 Jan 2013 | 05:12 pm | 1 min. read

Marc Dautlich, data protection law specialist at Pinsent Masons, comments on Sony's £250,000 fine by Britain’s data watchdog over a cyber attack breach that compromised the personal information of millions of PlayStation users. The Information Commissioner's Office (ICO) issued the penalty after it found the attack on the Sony PlayStation Network in April 2011 could have been prevented:

"Organisations need to be given guidance on what technical measures can be said to constitute an appropriate standard of security for the purposes of compliance with the Data Protection Act (DPA).

"The Sony appeal could be extremely interesting as it may provide an insight into what the ICO considers to be an appropriate standard of security that organisations have to have in place, particularly as it is a case involving a company in the private sector.

"Organisations are increasingly subject to malicious attacks and clarity from the ICO is needed about just how good security needs to be to meet the requirements of the DPA.

"This is an important issue at the moment, but it will come even more into focus if all organisations are mandatorily obliged to report data breach incidents as would be the case if proposed reforms to EU data protection laws are introduced as currently drafted.

"In our experience it is also very often the case that security incidents go hand-in-hand with a finding that organisations are holding too much personal data. This case should highlight the need for firms to concentrate on their retention policies and give the issue sufficient attention."

-Ends-

Notes to Editors:

Under the Data Protection Act (DPA) organisations must take "appropriate technical and organisational measures ... against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data".

The Act also requires organisations to ensure that the personal data they hold is "adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed".

For further information please contact:
Arti Mohan, PR Advisor
Tel: 020 7418 7106
Email: [email protected]

Latest press releases

Show me all press releases

Best Lawyers Germany 2020: 23 Pinsent Masons' partners ranked

Handeslblatt and Best Lawyers recognised 23 partners of multi-national law firm Pinsent Masons as Best Lawyers in Germany 2020.

Pinsent Masons hires real estate regulatory and investment partner in Germany

Multinational law firm Pinsent Masons has hired real estate funds regulatory and investment specialist Dorothee Atwell into its Frankfurt office

Advised Diamond Transmission Partners Walney Extension Limited

Multinational law firm Pinsent Masons has advised Diamond Transmission Partners Walney Extension Limited on the £447m acquisition and financing of the transmission assets relating to the 659MW Walney Extension offshore windfarm from Walney Extension Limited.

People who viewed this press release also viewed

Show me all press releases

Best Lawyers Germany 2020: 23 Pinsent Masons' partners ranked

Handeslblatt and Best Lawyers recognised 23 partners of multi-national law firm Pinsent Masons as Best Lawyers in Germany 2020.

Information and data privacy law partner hired in London

Multinational law firm Pinsent Masons has hired partner Jonathan Kirsop as a key addition to its leading data privacy and information law offering.

Dispute Resolution Group appoints partners in Munich

Multinational law firm Pinsent Masons has appointed partners Johanna Weißbach and Christian Schmidt as litigation partners in their Dispute Resolution Group in Munich, where they will both focus on clients within the Financial Services and Advanced Manufacturing & Technology sectors.

For all media enquiries, including arranging an interview with one of our spokespeople, please contact the press office on

+44 (0)20 7418 8199 or 

Location contacts