Security Management Measures
- (1)Formulation of Basic Policy
We will formulate basic policies regarding, for example, “compliance with related laws, regulations, and guidelines, etc.” and a “point of contact for handling questions and complaints” in order to ensure the appropriate handling of personal data.
- (2)Development of Rules for the Handling of Personal Data
We will formulate personal data handling regulations regarding the method of handling, person responsible or person in charge, and the duties, etc. thereof at each stage of acquisition or input, use or processing, retention or saving, transfer or transmission, deletion or destruction, and responses to leakage incidents, etc.
- (3)Organizational Security Management Measures
Together with establishing a person responsible for the handling of personal data, we will clearly specify the employees who handle personal data and the scope of personal data handled by those employees, and develop a system for reporting and communication to the person responsible in the event there is awareness of the fact or an indication of a violation of laws or the handling regulations.
- (4)Human Security Management Measures
We will conduct regular training for employees regarding matters to be conscious of regarding the handling of personal data.
- (5)Physical Security Management Measures
In areas where personal data is handled, we will control the physical access of employees and restrict devices, etc. that can be brought in, and also take measures to prevent unauthorized persons from viewing personal data.
We will take measures to prevent the theft or loss, etc. of devices, electronic media, and documents, etc. that handle personal data, and also take measures so that personal data is not easily revealed if those devices or electronic media, etc. are transported, including being moved within the office.
When destroying personal data, we will carry out deletion that cannot be easily restored or the physical destruction of media on which data is stated or recorded.
- (6)Technical Security Management Measures
If information systems (including personal computers and other devices) are used to handle personal data (including the case of sending and receiving, etc. it externally through the Internet, etc.), we will carry out appropriate access control in order to limit the scope of the persons in charge and the personal information database, etc. that is being handled.
We will certify that an employee using an information system that handles personal data is a person with proper authority based on the results of identification.
We will introduce and appropriately operate a structure for protecting information systems that handle personal data from unauthorized external access or unauthorized software.
We will implement and appropriately operate measures to prevent the leakage, etc. of personal data in connection with the use of information systems.
- (7)Understanding of the External Environment
The Company implements security management measures based on our understanding of the systems for the protection of personal information in the countries in which we handle personal data.