A bill to amend part of the Act on the Protection of Personal Information was recently submitted to the Japanese Diet. The bill's main provisions will come into force within two years from the date of their promulgation. This article examines the parts of the bill which are expected to have a significant impact on ongoing business practices.
A recent high-profile theft of hard drives containing sensitive personal data has highlighted the need for Japan-based companies to ensure that their cybersecurity measures include processes for disposing of personal data that has been entrusted to them and reviewing their security controls regarding business partners who may come into contact with personal data. The case involved an employee at an IP recycling company who stole nearly 4,000 data storage devices that were destined for disposal.
In recent months, the Personal Information Protection Commission (PPC) has been proactive in publicising cases of data breaches that have had a significant social impact, together with the names of the companies, even when the PPC did not exercise its supervisory authority over the companies in question. Whether this trend will continue should be carefully monitored.
The Unfair Competition Prevention Act was recently amended to afford new legal protection to Big Data. Although this new legal protection is expected to increase data use, in order to qualify as protected data, data must be managed accordingly. Thus, all parties which use Big Data in their business should review their management systems, internal rules and agreements regarding the handling of data in order to ensure that such data can fall under the definition of protected data set out in the act.
The widely publicised amendments to the Act on the Protection of Personal Information recently came into force. In addition to changing how companies must handle personal information, the amendments reflect a significant shift in how such obligations are regulated and enforced. They also mark the establishment of the Personal Information Protection Commission, which will be the regulatory body responsible for managing and ensuring compliance with the amended act.