Sony did not break Australia’s Privacy Act during the PlayStation Network cyber attack, ruled Australia's Privacy Commissioner Timothy Pilgrim. Pilgrim’s report, released today, said that the Commission found "no evidence that Sony intentionally disclosed any personal information to a third party." Pilgrim said that he was satisfied that Sony Australia took reasonable steps to protect its customers’ personal information, including encrypting credit card information and ensuring appropriate security measures were in place.
The attacks on Sony’s various online services which took place earlier this year saw hackers get away with around 77 million customers’ (worldwide) personal information including passwords, names, addresses and credit card details. Pilgrim added the he "would [have] liked to have seen Sony act more swiftly to let its customers know about this incident" but was pleased with their efforts to increase security measures on PlayStation Network.
Meanwhile, the UK Information Commissioner’s Office has told Develop that it is still investigating the PSN breach. The regulatory group is trying to figure out if Sony was complacent in protecting its customers’ data. A report of the ICO findings will be published before 2012, an ICO spokesperson said.