(1) Preparation of declaration of personal information protection
In order to ensure appropriate handling of personal data, we publish such details as “compliance with relevant laws and regulations, guidelines, etc.” and “information desk for complaints and consultations” in the declaration of personal information protection (Privacy Policy), and we review such details as necessary.
(2) Development of rules, etc. for personal data handling
We stipulate such details as handling methods, supervisors/persons-in-charge and their roles for each stage of acquisition, use, storage, provision, deletion/disposal, etc. in various company rules, including “Customer Information Management Regulations.”
(3) Organization-based secure management procedures
・Installation of management supervisors, etc. for personal data;
・Establishment of secure management procedures in the Working Regulations, etc.
・Business operations in compliance with handling rules concerning secure management of personal data
・Development of means for confirming the status of personal data handling
・Development and implementation of a framework for checking and auditing the status of personal data handling
・Development of a framework for dealing with cases such as information leakage
(4) Personnel-based secure management procedures
・Conclusion of non-disclosure agreements, etc. for personal data with employees
・Clarification of roles, responsibilities, etc. of employees
・Ensuring of thorough understanding of secure management procedures among, and provision of relevant education and training to, employees.
・Confirmation of status of employees’ compliance with secure management procedures
(5) Physical secure management procedures
・Management of areas, etc. where personal data is handled
・Prevention of theft, etc. of equipment, electronic media, etc.
・Prevention of information leakage, etc. during personal conveyance/transportation of electronic media, etc.
・Deletion of personal data and disposal of equipment, electronic media, etc.
(6) Technological secure management procedures
・Identification and validation of personal data users
・Establishment of personal data management classification and access control
・Administration of personal data access authorizations
・Measures for preventing issues such as leakage of and/or damage to personal data
・Recording and analyzing of attempts to access personal data
・Recording and analyzing of operational status of information systems which handle personal data
・Monitoring and auditing of information systems which handle personal data
(7) Supervision of consigned parties
When consigning the handling of personal data externally, we ensure that parties which properly handle such data are selected. We have developed handling rules for external consignment and review them on a regular basis in order to ensure proper implementation of secure management procedures by consigned parties.
(8) Understanding of external environment
We have been carrying out secure management procedures based on good understanding of systems concerning personal information protection which are operated in countries where personal data is handled.
Please contact the information desk below for queries regarding secure management procedures.