Sony is "unlikely" to face legal action from gamers upset over the PlayStation Network outage – but it is "probably" in breach of the Data Protection Act over the identity theft furore.
The PlayStation Network has been down since last Wednesday – preventing gamers from playing online.
According to Alex Chapman of Sheridans Solicitors, Sony's PSN terms and conditions – which all users must agree to before accessing the service – means legal complaints are unlikely to lead to compensation.
"Our applications are provided on an 'as is' basis," reads the T&Cs. "At times, applications may not be available or may be affected by faults or maintenance work, or by circumstances outside our control. No warranty is given about the quality, functionality, availability or performance of our applications or any content accessed via our applications. We reserve the right to change, suspend or withdraw all or any part of any application and to suspend your access to the application, at any time without notice."
"This is pretty self explanatory and probably protects Sony in respect of the outage," Chapman told Eurogamer.
However, users may have a cause of action through the Unfair Contract Terms Acts.
But to do so they would have to show a number of conditions, including that Sony hasn't provided the service with "reasonable care". They would also have to show some actual loss or damage. All rather unlikely.
Last night Sony addressed those who might be looking for a refund of any associated subscription fees or for any purchased content. "When the full services are restored and the length of the outage is known, we will assess the correct course of action," it said in a FAQ.
The situation intensified last night when Sony confirmed a hacker had stolen personal information and possibly even credit card details, putting millions at risk of identity theft.
It is likely that the huge security leak means Sony is in breach of the Data Protection Act 1998 - and could face claims from those impacted.
"One of the guiding principles of the Act is that personal data must be kept secure and the exposure of the data in this way would likely breach that principle," Chapman said.
The Information Commissioner has confirmed to Eurogamer that it intends to talk to Sony over the data theft.
The fact that user passwords have been "obtained", as Sony puts it, suggests Sony stored user passwords as plain text – and did not encrypt them.
"The Information Commissioner often fines companies for such breaches and affected consumers will also be entitled to bring a claim against Sony," Chapman added.
UK consumer rights group Which? says it's very unlikely that PlayStation owners will have to pick up any costs in the event that their credit cards are used for fraudulent activity.
"Unless you've been involved in the fraud or have been grossly negligent – for example, writing down your Pin and leaving it with your card – the most you can be liable for fraud on debit and credit cards is Ł50, and this is normally waived," reads an FAQ on its site.