Measures for safe management of personal information

Measures taken for safe management of personal data

Formulation of a basic policy

To ensure appropriate handling of personal data, the Company has established and published the Privacy Policy as a basic policy on matters such as compliance with applicable laws, regulations, guidelines, and other provisions and contact points for questions and complaints.

Establishing and maintaining rules on handling of personal data

Based on Privacy Mark certification requirements, the Company has developed a privacy management system and has established and maintains personal information management rules and other rules and standards.

Organizational safe management measures

In addition to appointing a Chief Privacy Officer as the individual responsible for personal data, the Company clearly specifies the employees responsible for handling personal data and the scope of personal data handled by such employees. The Company has established and maintains structures for reporting and communicating to the individuals responsible any violations of laws, rules, or standards or signs of potential violations thereof.

In addition to periodic self-inspections, the Company implements audits by the sections in charge of information security regarding the state of handling of personal data. In addition, the Company has earned Privacy Mark certification and undergoes periodic reviews of the propriety of its handling of personal data.

Personnel safe management measures

The Company provides all employees (including employees of partner companies and officers) with regular training on the handling of personal data both upon initial hiring and annually thereafter. The Company Rules of Employment contain provisions governing the confidentiality of personal data.

Physical safe management measures

In addition to controlling the entry and exit of employees to and from areas where personal data is handled and implementing restrictions on the devices permitted in such areas, the Company implements measures to prevent access to personal data by unauthorized individuals.

Together with measures to prevent incidents such as the theft or loss of devices, digital media, and documents used in handling personal data, the Company takes measures to ensure that personal data is not readily identifiable when such devices and digital media are transported, even when they are moved within business facilities.

Technical safe management measures

The Company implements access controls to restrict the scopes of personal information databases and individuals in charge of handling such databases. The Company has adopted systems to protect information systems used to handle personal data from unauthorized external access or unauthorized software.

Review of external conditions related to personal data collected

The Company implements safe management measures after reviewing systems related to the protection of personal information in the United States of America, where it stores personal data.

Click the URL link below to see explanatory materials and survey results from the Personal Information Protection Commission regarding systems in individual countries.