The Information Commissioners Office (ICO) yesterday handed down a quarter of a million pound penalty to Sony following a breach of the Data Protection Act in 2011. The firm were accused of insecurely storing customer data after the Sony PlayStation Network Platform was hacked in April of that year allowing criminals to get away with customers personal details including names, addresses, email addresses, dates of birth and account passwords. In fact, everything a scammer needs to steal your identity.
Apart from the fact that £250,000 is chump change to Sony and the fine should be seen more as a signal than a deterrent, it does raise the question as to the safety of the customer data your business holds. These days pretty much all of it is in digital format and if you do hold customer data you need to be registered with the ICO and abide by their rules. Anyone with an e-commerce site should really be looking closely at this to determine if they could be at risk of a breach of the rules.
To find out if you or your business should be registered and to find out how to look after personal details of you clients you can visit the ICO website. Our advice is to do it now as ignorance is no defence and the fine meted out to Sony could just as easily be landed on any firm in the UK.