As the rise of cloud services and social networking encourages users to entrust everything from files to personal data to the care of service providers, the increasingly pertinent question will be the extent to which service providers are held responsible for securing data, and held liable when that data gets hacked.
In the case of Sony Online Entertainment, the answer to the liability questions appears to be: as little as legally possible.
In the aftermath of its PlayStation Network (PSN) getting hacked in April – during which over 100 million accounts were compromised – Sony has reportedly amended its terms and conditions to include a clause under which users promise not to engage in any class-action lawsuits against Sony if future hacks occur.
Users who refuse to agree to the new T&C will be banned from PSN, reports the BBC.
Sony is already facing a class-action suit for the April hacks, which is presumably why the T&C has been amended with a waiver against further suits.
PSN users can still sue Sony as individuals, and they can opt out of the waiver by sending a letter to Sony's headquarters in the US, but they’ll still have to agree to the T&C to log on to the service.
Users and bloggers are up in arms over the policy, and it’s not hard to understand why. That kind of mentality isn’t going to fly in an age where more and more services require users to store data in the cloud. That requires a distinct level of trust between the consumer and the service provider.
That’s hard to achieve when the service provider says: “If someone steals your data from our servers, don’t blame us just because it’s our job to secure the data in the first place.”