
Forums - Sony - Sony sued for PlayStation Network data breach

Max King of the Wild said:
noname2200 said:
steverhcp02 said:


You said Sony should have told the consumers their information may have been stolen before they knew that. That would be stupid to release that statement and then have to clarify if in fact it wasn't.

*Ahem*

Cal. Civ. Code § 1798.82

"(b) Any person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person."

"Better safe than sorry." It's a simple, common-sense principle.



And they did that.

The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation.

Why didn't you keep reading?

AND YOU SHOULD HAVE KEPT READING LOL!

(e) For purposes of this section, “personal information” means an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:

(1) Social security number.

(2) Driver’s license number or California Identification Card number.

(3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

(4) Medical information.

(5) Health insurance information.

So basically this law doesn't pertain to the case. This doesn't consider that personal information.

One week is not "immediately." Moreover, when did a law enforcement agency decide that disclosure would impede their investigation? Serious question: I honestly don't recall any such agency doing so, but if I missed it, my apologies.

As for your last point, I direct your attention to number 3. To the best of my knowledge, likely leaks include users' usernames and passwords, plus e-mail addresses, and users' credit card information may have leaked as well.

You're focusing on the fact that the credit card's security code wasn't included, which is great (no sarcasm), but the courts can take a broader view, especially since consumer laws in California are viewed in the broadest possible light in favor of the consumer. In light of how widespread the practice of reusing the same passwords is, I can assure you that several people's e-mail passwords match up with their PSN account passwords. Which is often a straight shot to accessing their financial information, due to online banking et al.

Assuming I understand the underlying facts correctly, I'm fairly confident that the law will apply here. Now, this does not mean the plaintiff is likely to win, since proximate cause hasn't been proven and CC 1798.92 may only apply to CA residents (subsection a is restricted in that manner, a restriction which may or may not extend to subsection b). The only sticking point in my mind is the "data elements are not encrypted" portion. I believe the credit card information was encrypted on the servers, but was the rest of the information? If yes, the law does not apply. But if it's not...



noname2200 said:
Max King of the Wild said:
noname2200 said:
steverhcp02 said:


You said Sony should have told the consumers their information may have been stolen before they knew that. That would be stupid to release that statement and then have to clarify if in fact it wasn't.

*Ahem*

Cal. Civ. Code § 1798.82

"(b) Any person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person."

"Better safe than sorry." It's a simple, common-sense principle.



And they did that.

The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation.

Why didn't you keep reading?

AND YOU SHOULD HAVE KEPT READING LOL!

(e) For purposes of this section, “personal information” means an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:

(1) Social security number.

(2) Driver’s license number or California Identification Card number.

(3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

(4) Medical information.

(5) Health insurance information.

So basically this law doesn't pertain to the case. This doesn't consider that personal information.

One week is not "immediately." Moreover, when did a law enforcement agency decide that disclosure would impede their investigation? Serious question: I honestly don't recall any such agency doing so, but if I missed it, my apologies.

As for your last point, I direct your attention to number 3. To the best of my knowledge, likely leaks include users' usernames and passwords, plus e-mail addresses, and users' credit card information may have leaked as well.

You're focusing on the fact that the credit card's security code wasn't included, which is great (no sarcasm), but the courts can take a broader view, especially since consumer laws in California are viewed in the broadest possible light in favor of the consumer. In light of how widespread the practice of reusing the same passwords is, I can assure you that several people's e-mail passwords match up with their PSN account passwords. Which is often a straight shot to accessing their financial information, due to online banking et al.

Assuming I understand the underlying facts correctly, I'm fairly confident that the law will apply here. Now, this does not mean the plaintiff is likely to win, since proximate cause hasn't been proven and CC 1798.92 may only apply to CA residents (subsection a is restricted in that manner, a restriction which may or may not extend to subsection b). The only sticking point in my mind is the "data elements are not encrypted" portion. I believe the credit card information was encrypted on the servers, but was the rest of the information? If yes, the law does not apply. But if it's not...

In order for this to be considered "personal info", the name and one of the 5 in the list need to be presented without being encrypted. The credit card info was encrypted, so this is not considered personal info. Also, Sony included a 3rd party to come in to investigate what occurred AND has been working with the FBI and England's officials.



evolution_1ne said:
fordy said:
evolution_1ne said:

Have you been to the FAQ from Sony thread yet? If you were a fan you would have definitely gone to that thread because they're the ONLY ones with the info you need.


Right, because Sony have nothing to gain out of fudging the facts in their FAQ. No shareholders to calm down, or potential consumers to lose, or brand recognition not being tarnished. Did you even take that into account?

By the way, the Japanese government declared a 20 mile radius around Fukushima "perfectly safe" despite a recording of 1000 times the amount of everyday radiation. So should we believe them too, since they're the only ones with the info we need? Keep in mind that spin is made to maintain order, political or commercial.

So they will lie to their shareholders and consumers? Both of which they depend on and NEED to survive.

You were in the "Sony stuffz teh channel" crowd, weren't you? *face palm*

They already lied, claiming that the downtime was for maintenance only. They sat on the fact that a breach might have happened for days, then eventually came out to say the breach MIGHT have happened. They were certain a breach might have happened initially, that's why they took PSN down. They could have said something initially to save face, but they didn't. Why? Because they didn't want their stocks to plummet, which is just what happened when they finally brought the news out. Now, do you mean to tell me that you don't think the stock price would have plummeted even further if that "Data MIGHT have been breached" quote was actually "Data HAS been breached"?

Sony have put a spin on this, and are hoping for the best, that the data stolen does not get maliciously used.



Max King of the Wild said:

In order for this to be considered "personal info", the name and one of the 5 in the list need to be presented without being encrypted. The credit card info was encrypted, so this is not considered personal info. Also, Sony included a 3rd party to come in to investigate what occurred AND has been working with the FBI and England's officials.

Again, I'm excluding the credit card information; the scenario I posted does not depend on that credit card information at all, and I only raised it to explain why it's not the focus. But the rest of the data were not encrypted.

http://gamrfeed.vgchartz.com/story/85847/sony-credit-card-info-was-encrypted-personal-info-was-not/

"The bad news is your personal information such as your name, address and birthday are NOT encrypted."

Presumably, your e-mail address and PSN password are also not encrypted, unless those are for some reason put under the credit card data table. Per Sony:

http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

"The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted."

 

Finally, the last sentence has no bearing I can see on whether this law applies. It is of course commendable that they are investigating what's happened, and I wish them the best of luck in finding and prosecuting the perpetrators. However, this statute requires immediate notice to consumers, yet a week passed before such notice was given. I ask again: do you know that this delay was at the behest of a law enforcement agency?



noname2200 said:
Max King of the Wild said:

In order for this to be considered "personal info", the name and one of the 5 in the list need to be presented without being encrypted. The credit card info was encrypted, so this is not considered personal info. Also, Sony included a 3rd party to come in to investigate what occurred AND has been working with the FBI and England's officials.

Again, I'm excluding the credit card information; the scenario I posted does not depend on that credit card information at all, and I only raised it to explain why it's not the focus. But the rest of the data were not encrypted.

http://gamrfeed.vgchartz.com/story/85847/sony-credit-card-info-was-encrypted-personal-info-was-not/

"The bad news is your personal information such as your name, address and birthday are NOT encrypted."

Presumably, your e-mail address and PSN password are also not encrypted, unless those are for some reason put under the credit card data table. Per Sony:

http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

"The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted."

 

Finally, the last sentence has no bearing I can see on whether this law applies. It is of course commendable that they are investigating what's happened, and I wish them the best of luck in finding and prosecuting the perpetrators. However, this statute requires immediate notice to consumers, yet a week passed before such notice was given. I ask again: do you know that this delay was at the behest of a law enforcement agency?


But it needs to be a combination of the name and credit card and both need to be not encrypted in order for this to apply. It states in the law any public information is not considered personal information. That would mean name and address... PSN ID and password don't need to be encrypted as that can't be used to gain account information.




By the way Xbox Live was hacked in 2007.

What is the difference between this and that? I mean, of course there are security issues related to this, and apparently the level of encryption on the PSN is not as strong.

But I mean, Sony seems to have blown this way out of proportion, compared to that hack, since nothing illegal has been committed yet. Can someone comment on this?



noname2200 said:
steverhcp02 said:


You said Sony should have told the consumers their information may have been stolen before they knew that. That would be stupid to release that statement and then have to clarify if in fact it wasn't.

*Ahem*

Cal. Civ. Code § 1798.82

"(b) Any person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person."

"Better safe than sorry." It's a simple, common-sense principle.

As Max King of the Wild has pointed out, the information in question is not considered personal information in regard to your detective work anyway. I had no idea of the civil law you posted, but it's still irrelevant based on the criteria anyway.

The fact of the matter remains, hackers gained access to the PSN. This community is so warped that rather than be disgusted with the hackers we follow allegiance to branded videogame consoles.

Yeah, I'm pissed it happened, I'm pissed Sony had to take down the PSN and force me to not watch Hulu or Netflix or play online, but I'm intelligent enough to understand the real criminals are the hackers. This isn't negligence, because if it were then this would have happened much sooner.

What solution do I want? I want Sony to make sure it doesn't happen again. That's what they're doing. I'm not looking for a free handout for a service that's free being compromised by hackers and blaming Sony because it's easier.

I get how it's easy to blame the big corporations, but it's childish and a never-ending circle. The hackers are to blame; Sony is trying to make improvements. As an adult, mature consumer I'm angry about the situation and I blame the hackers and I'm glad Sony is working to make sure it doesn't happen again.



Max King of the Wild said:


But it needs to be a combination of the name and credit card and both need to be not encrypted in order for this to apply. It states in the law any public information is not considered personal information. That would mean name and address... PSN ID and password don't need to be encrypted as that can't be used to gain account information.

It actually doesn't need to be your credit card number; the law is broader than that, as it includes account numbers as well. And the public information part is only for things that you can get by request "from federal, state, or local government records," something which definitely does not include your personal e-mail address, which is the part I'm focusing on.

After all, according to Sony itself the unencrypted information included "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password ...

The underlined portions are the key since, as I said, people routinely recycle the same passwords. Sony knows this, since it also warned "Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well."

The issue is not whether your PSN account can be used to gain your financial information (which for many people it can, due to shared passwords and online banking), but whether the link is proximate enough for your PSN account to thus qualify as an "account number." I admit that I'm less confident now than I was earlier, but I can see a better lawyer than I linking the two sufficiently enough to qualify. This is doubly true since the statute's preamble speaks of how the law is intended to protect consumers' online privacy, and address the concern that private information leaks too easily.



Max King of the Wild said:
noname2200 said:
Max King of the Wild said:

In order for this to be considered "personal info", the name and one of the 5 in the list need to be presented without being encrypted. The credit card info was encrypted, so this is not considered personal info. Also, Sony included a 3rd party to come in to investigate what occurred AND has been working with the FBI and England's officials.

Again, I'm excluding the credit card information; the scenario I posted does not depend on that credit card information at all, and I only raised it to explain why it's not the focus. But the rest of the data were not encrypted.

http://gamrfeed.vgchartz.com/story/85847/sony-credit-card-info-was-encrypted-personal-info-was-not/

"The bad news is your personal information such as your name, address and birthday are NOT encrypted."

Presumably, your e-mail address and PSN password are also not encrypted, unless those are for some reason put under the credit card data table. Per Sony:

http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

"The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted."

 

Finally, the last sentence has no bearing I can see on whether this law applies. It is of course commendable that they are investigating what's happened, and I wish them the best of luck in finding and prosecuting the perpetrators. However, this statute requires immediate notice to consumers, yet a week passed before such notice was given. I ask again: do you know that this delay was at the behest of a law enforcement agency?


But it needs to be a combination of the name and credit card and both need to be not encrypted in order for this to apply.
It states in the law any public information is not considered personal information. That would mean name and address... PSN ID and password don't need to be encrypted as that can't be used to gain account information.

No it doesn't? Go back and re-read what he posted and why he's bolded parts of it. Also, you know. The links I sent you.



steverhcp02 said:

As Max King of the Wild has pointed out, the information in question is not considered personal information in regard to your detective work anyway. I had no idea of the civil law you posted, but it's still irrelevant based on the criteria anyway.

The fact of the matter remains, hackers gained access to the PSN. This community is so warped that rather than be disgusted with the hackers we follow allegiance to branded videogame consoles.

Yeah, I'm pissed it happened, I'm pissed Sony had to take down the PSN and force me to not watch Hulu or Netflix or play online, but I'm intelligent enough to understand the real criminals are the hackers. This isn't negligence, because if it were then this would have happened much sooner.

What solution do I want? I want Sony to make sure it doesn't happen again. That's what they're doing. I'm not looking for a free handout for a service that's free being compromised by hackers and blaming Sony because it's easier.

I get how it's easy to blame the big corporations, but it's childish and a never-ending circle. The hackers are to blame; Sony is trying to make improvements. As an adult, mature consumer I'm angry about the situation and I blame the hackers and I'm glad Sony is working to make sure it doesn't happen again.

Find me a single person that's absolving the hackers of blame. You won't be able to. But while you're upset that you can't play videogames online for a week, millions of others are pissed off that they entrusted their personal information, including credit card info, to Sony, only to see it lost due to what is apparently gross negligence. They're equally upset that they were not told about a very real threat to their finances for over a week, for reasons that are currently unknown.

In essence, you're upset because your friend can't come out to play for a week, while others are pissed off that they entrusted your friend with their credit card and personal info, only to have him leave his front door wide open for whomever to waltz in and help themselves. It doesn't help that this happened over a week ago, with nary a word from said friend.

As someone who recently has only posted in threads about Sony and their security situation, and only in Sony's defense, you probably feel differently than most people do. That's fine, I guess. But the affected folks have a right to be upset. Or perhaps you'd like to tell them otherwise, and that their being angry at the loss of their private info is "warped"?