Measures Taken for the Security Control of Retained Personal Data

(Formulation of Basic Policy)

  • In order to ensure the appropriate handling of Personal Data, formulate a basic policy for "compliance with relevant laws and guidelines, etc." and "contact points for questions and complaints."

(Development of Disciplines on the Handling of Personal Data)

  • For each stage of acquisition, use, storage, provision, deletion, disposal, etc., formulate rules for the handling of Personal Data regarding the handling method, responsible person and person in charge, and their duties, etc.

(Systematic Safety Management Measures)

  • Appoint a person responsible for the handling of Personal Data, clarify the scope of employees who handle Personal Data and the Personal Data handled by those employees, and develop a system for reporting and communicating to the person responsible when facts or signs of violations of laws and handling regulations are identified.
  • Conduct self-inspections of the handling of personal data on a Continuity basis, and conduct audits by other departments and external parties

(Human Safety Management Measures)

  • Implement Continuity training for employees on points of concern regarding the handling of personal data
  • Matters concerning the confidentiality of personal data are included in the work rules.

(Physical Safety Management Measures)

  • In areas where Personal Data is handled, implement measures to prevent unauthorized persons from viewing the Personal Data, as well as control the entry and exit of employees and restrict the devices, etc. that employees bring into the area.
  • In addition to taking measures to prevent theft or loss of equipment, electronic media, and documents that handle personal data, measures will be taken to prevent personal data from being easily revealed when the equipment, electronic media, etc. are carried, including when they are moved within the office.

(Technical Safety Management Measures)

  • Implement access control to limit the scope of persons in charge and personal information databases, etc. to be handled
  • Introduction of a mechanism to protect information systems that handle personal data from unauthorized access from outside or from unauthorized software

(Understanding of External Environment)

  • When providing Personal Data to a third party in a foreign country, implement security control measures after understanding the system concerning the protection of Personal Information in the country where the Personal Data is stored.