built on sand
November 24, 2015 12:50 PM

When workers first arrived on the lot that Monday morning, they got a message through a security guard or a colleague or a handwritten sign taped up to the wall: Don’t turn on your computer. Later, someone might pop in and deliver the latest directive fourth-hand: “Unplug your computer from the wall.” Which plug? The network cable? The power cord? Who knows? Just unplug everything. Says one worker: “It was all the hysteria of not knowing.” --One year later, what it was like to work at Sony when all their internal systems got hacked.
posted by Potomac Avenue (16 comments total) 10 users marked this as a favorite
 
The big thing with that piece is how it illustrates how much collateral damage a hack like that causes.
posted by NoxAeternum at 12:53 PM on November 24, 2015


I thought it pointed out the power asymmetry. You can bet that if Quentin F. Deskjockey spilled some of Sony's spreadsheets onto the DarkNet.hack, they'd be drawn and quartered by Sony's droid army of lawbots. But some guys break in and steal everybody's Social Security numbers, dates of birth, maiden names, etc. and in their great mercy Sony pays for a year of some identity-protection service? Granted, the worker bees class-actioned a few more years out of them, but I'm curious what sort of liability they really have. Presumably none, since everyone now believes in the concept of 'identity theft'.
posted by Rat Spatula at 2:01 PM on November 24, 2015


You're comparing apples and oranges there. Yes, Sony would go after a rogue employee who leaked confidential information, just like any other business. But Sony was just as much a victim of the hack as their employees were.

We need to stop seeing these sorts of hacks as victimless, or justifiable by what dirt gets uncovered.
posted by NoxAeternum at 2:08 PM on November 24, 2015 [4 favorites]


It's no contradiction to say that the Sony Corporation was a victim of the hackers, and also potentially negligent in their data security. If criminals break in to my office here at AppSoftTech.biz, and copy work products or IP from my desktop computer, then that's theft from AppSoftTech. If they take the Rolex I left laying on my desk, that's also theft, but from me, and I wouldn't hold my employer to account for it - it's my property, not theirs, and just like the gym and the restaurant and the apartment complex, they're not liable for lost or stolen items; it's my bad for leaving a $5,000 watch unattended.

But, if they break into the HR offices, and they steal my bank account information, and then they drain my bank account? I think some restitution is in order.

Now, maybe that happened - I can certainly understand Sony keeping quiet about the details - but I'm curious what the law says about it, and the article doesn't really get specific about that. Obviously, Sony felt obligated to buy a year of AllClear for everybody - presumably some of their legal team insisted?
posted by Rat Spatula at 2:28 PM on November 24, 2015 [1 favorite]


The distinction I'm trying to point out is that, unlike the Rolex, I don't have any choice about whether my personal information is stored on the company servers - it's a condition of my employment.
posted by Rat Spatula at 2:39 PM on November 24, 2015 [3 favorites]


It's no contradiction to say that the Sony Corporation was a victim of the hackers, and also potentially negligent in their data security.

The key word being potentially. If you can prove that they were recklessly insecure and weren't showing any due diligence, then yes, they would owe you restitution. But if they were showing due diligence, you'd have a hard time getting any traction in the courts.
posted by NoxAeternum at 2:45 PM on November 24, 2015


The article mentions that the stolen data included employees' medical histories. How does '[d]etailed information about highly personal medical procedures' end up with your employer in the entertainment business?
posted by moody cow at 3:26 PM on November 24, 2015 [1 favorite]


That's how Japanese corporations work. The notion of privacy when it comes to employer access to medical records is baffling to my fellow employees. Annual checkups are often paid for by the corporation and records are kept in HR files. We are encouraged to feel thankful for this largesse.
posted by Ice Cream Socialist at 3:56 PM on November 24, 2015 [1 favorite]


How does '[d]etailed information about highly personal medical procedures' end up with your employer in the entertainment business?

I think it depends on how the insurance is structured. I know of people who were shamed at a company event when the CFO said something about how everyone's premiums were going up because there was a pregnancy complication. And the complicated pregnancy was my friend, and everyone knew it.

I'm grateful I'm in an HMO in a group so large there's no reason for my employer ever to know anything.
posted by suelac at 3:57 PM on November 24, 2015 [2 favorites]


That's horrific, suelac. But even without that kind of finger-pointing, the constant thrum at most companies that "we need to be wise healthcare consumers!" and "shop around to spend our health dollars wisely" because "our usage was really up this year" is essentially just shaming. When the perky HR drone says that stuff, how are the lady in the wheelchair and the guy with the CPAP and the diabetic supposed to feel?
posted by Rat Spatula at 4:15 PM on November 24, 2015 [4 favorites]


Then again, I don't know how much separation there is between Sony Japan and its other operations, so it could be that the lack of privacy with regards to medical records that is standard here isn't something that can be found in Sony's overseas corporate culture.

In short, my speculations may be off the mark. Sony is a big place.
posted by Ice Cream Socialist at 4:17 PM on November 24, 2015


I don't remember, now, which bit of media I was consuming when I heard a commercial touting how their company sells "solutions" that unify healthcare information management to allow easy communication between doctors, pharmacies, insurers, …, and employers. And in my head I went “[record scratch] what was that last one‽” I'm completely confident they use strict controls that prevent businesses from knowing only the vaguest details about medical particulars of their employees—I don't think.
posted by traveler_ at 4:56 PM on November 24, 2015


We need to stop seeing these sorts of hacks as victimless, or justifiable by what dirt gets uncovered.

We see people stealing SSNs and personal identifying information as victimless? I think that's a pretty small "we."

If you mean the "dirt" itself that's a whole 'nother debate. If you mean people focused on the dirt and didn't really think about all the other stuff that got hacked then sure, fair enough.
posted by atoxyl at 5:16 PM on November 24, 2015 [1 favorite]


(Though the FBI publicly pinned the hack on North Korea on Dec. 19, the theory that the hack was really staged, or else aided, by a disgruntled ex-employee persisted.)
IIRC, that was because the hackers didn't mention North Korea until the media made the Interview connection.
posted by ChurchHatesTucker at 5:30 PM on November 24, 2015


"A rash of civil suits, filed by stilted ex-staffers"... er, what? That's not a typo and some Slate writer needs a dictionary.
posted by blue shadows at 11:05 PM on November 24, 2015 [1 favorite]


Ice Cream Socialist: "Then again, I don't know how much separation there is between Sony Japan and its other operations"

I remember reading somewhere after the hack that there is a huge amount of separation between Sony Japan and Sony Pictures Entertainment. Totally different rules, culture, everything.
posted by Bugbread at 4:41 AM on November 25, 2015

