The Australian Privacy Commissioner has declared that Sony Australia broke no privacy laws in its handling of the PSN breach earlier this year.
Although the Commissioner made clear that Sony should have communicated the extent of the breach to its customers more quickly, the legal investigation into culpability for the data loss has concluded that the loss occurred as a: "result of a sophisticated security cyber attack on the Network Platform's systems."
The office, which only has jurisdiction over Sony's Australian branch, also pointed out that the information itself was actually held by a different division of the company in California, reports Gamasutra.
The office judged Sony Australia to have responded to the crisis with due diligence in order to protect any further theft of its customers' information.
"The Privacy Commissioner was also satisfied with how the incident was dealt with following the breach in terms of the extra security measures that have been implemented to help protect personal information," reads the commissioners report.
However, some criticism was reserved for the speed with which Sony informed customers about the security breach.
"Given his concerns over the period that elapsed before Sony notified its customers, the Privacy Commissioner strongly recommended that Sony review how it applies the OIAC's Guide to handling personal information security breaches."