Hunton Andrews Kurth LLP
  March 2, 2013 - England

The Data Protection Act - Ensuring Compliance
  by Bridget Treacy

Following the fine recently imposed on Sony Computer Entertainment Europe for one of the most serious security breaches the ICO had seen, Lawyer Monthly takes a look at the issues raised when attempting to ensure compliance with the Data Protection Act. To this end, we speak to Bridget Treacy, Managing Partner of Hunton & Williams’ London office.

Please introduce yourself, your role and your firm. 

I lead the UK Privacy and Information Management practice and my practice focuses on all aspects of privacy and information governance for multinational companies, including big data and analytics, cloud computing, cross-border data transfers, behavioural targeting and data breach. My team forms part of the Global Privacy and Data Security practice.

The Information Commissioner’s Office (ICO) recently imposed a fine of £250,000 on Sony Computer Entertainment for a serious security breach. (Sony is accused of having out of date security software). What are your opinions on this? 

The full facts of the Sony fine are not in the public domain (the ICO’s penalty notice is heavily redacted) but the fine sends a clear message that organisations must be proactive about data security. This includes updating security measures to reflect the nature of the data processed, and any known vulnerabilities. The greater an organisation’s technological expertise, the better the security should be. The Sony fine also serves as a reminder to data controllers that they remain responsible for data processed on their behalf, even where the processing is carried out by another company in the same group. 



Read full article at: http://www.hunton.com/files/Publication/6b5acb85-0113-4ddf-9985-7a6bf0f50646/Presentation/PublicationAttachment/61c3e218-f367-4e37-a3b4-7e6b4edc92a3/Data_Protection_Act_Ensuring_Compliance.pdf