Sunday 27 January 2013

Java security news is not getting any better.

The Data Protection Act offers eight central principles that any organization working in the U.K. and holding personal data must comply with. These require that such personal information must be: fairly and lawfully processed; obtained for limited purposes; adequate, relevant and not excessive; accurate and kept up to date; never kept for longer than necessary; processed in line with personal legal rights; not transferred to other countries without adequate protection; and, most relevant to this case, always kept securely.

The organization's deputy commissioner and director of data protection, David Smith, said in the Information Commissioner's finding that, "If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn't happen, and when the database was targeted -- albeit in a determined criminal attack -- the security measures in place were simply not good enough ... There's no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."

The body also points to the impact the scandal has had on U.K. consumers' willingness to share their personal information online, which could of course impact U.K. e-commerce more widely. It quotes data based on market research conducted shortly after the incident that said 77% of consumers had been left "more cautious" about giving their personal details to websites.

The Information Commissioner's action is part of a stream of high-profile actions on organizations it deems have been too lax in protecting customer information.

What's unusual here is both the size of the financial swipe it's made on the global brand of Sony -- more commonly, it fines public-sector bodies in the U.K., with a particular focus on cases where hospital workers lose USBs with sensitive patient data -- and also how clearly it says the company's bad security practices are to blame.

"The penalty we've issued today is clearly substantial, but we make no apologies for that," says Smith. "The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft."

Sony has yet to publicly react to the news.

Recent breaches have tarnished digital certificates, the Web security technology.
