By using this site, you agree to our Privacy Policy and our Terms of Use. Close
noname2200 on 28 April 2011
Edit Thread
Max King of the Wild said:
noname2200 said:
steverhcp02 said:


You said Sony should have told the consumers their information may have been stolen before they knew that. That would be stupid to release that statement and then have to clarify if in fact it wasnt.

*Ahem*

Cal. Civ. Code § 1798.82

"(b) Any person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person."

"Better safe than sorry." It's a simple, common-sense principle.



And they did that.

The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation.

why didnt y9ou keep reading?

AND YOU SHOULD HAVE KEPT READING LOL!

(e) For purposes of this section, “personal information” means an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:

(1) Social security number.

(2) Driver’s license number or California Identification Card number.

(3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

(4) Medical information.

(5) Health insurance information.

So basically this law doesnt pertain to the case. This doesnt consider that personal information

One week is not "immediately." Moreover, when did a law enforcement agency decide that disclosure would impede their investigation? Serious question: I honestly don't recall any such agency doing so, but if I missed it, my apologies.

As for your last point, I direct your attention to number 3. To the best of my knowledge, likely leaks include users' usernames and passwords, plus e-mail addresses, and users' credit card information may have leaked as well.

You're focusing on the fact that the credit card's security code wasn't included, which is great (no sarcasm), but the courts can take a broader view, especially since consumer laws in California are viewed in the broadest possible light in favor of the consumer. In light of how widespread the practice of reusing the same passwords is, I can assure you that several people's e-mail passwords match up with their PSN account passwords. Which is often a straight shot to accessing their financial information, due to online banking et. al.

Assuming I understand the underlying facts correctly, I'm fairly confident that the law will apply here. Now, this does not mean the plaintiff is likely to win, since proximate cause hasn't been proven and CC 1798.92 may only apply to CA residents (subsection a is restricted in that manner, a restriction which may or may not extend to subsection b). The only sticking point in my mind is the "data elements are not encrypted" portion. I believe the credit card information was encrypted on the servers, but was the rest of the information? If yes, the law does not apply. But if it's not...