- En
- Jp
Personal Information
With the revision of the Personal Information Protection Act of 2017, all businesses, including small and medium-sized enterprises, are subject to the Personal Information Protection Act. While the general public's awareness of personal information is increasing, the contents of the Personal Information Protection Act are very difficult; so many companies may be having trouble dealing with it. If you violate the Personal Information Protection Law, you will be subject to risks such as penalties and damages. However, the real risk of a violation of the Personal Information Protection Law will be perceived as a company that violates the Personal Information Protection Law, and the brand value of the company will be lost. The decline in corporate image and the loss of social credibility may significantly damage corporate profits in the future.
In order to comply with the Personal Information Protection Law, it is important to accurately understand the rules for handling personal information. The rules for handling personal information include (1) rules for acquisition and use, (2) rules for storage, (3) rules for provision, and (4) rules for responding to disclosure requests. However, for each rule, there are many exceptions to the principle, such as "the principle is like this, but not exceptionally in such a case," and expert advice is essential to understand what kind of measures should be taken.
In addition to the handling of personal information in Japan, when acquiring personal information from overseas, it is necessary to pay attention to regulations related to personal information outside Japan. The GDPR, which is stipulated in the EU, is a major overseas regulation related to personal information protection, but in other countries regulations related to personal information are also carried out in each country or state, and if business activities extend to overseas, compliance with Japan's personal information protection law alone may not be sufficient.
In recent years, advances in technology have also complicated the risks companies face, such as cyber attacks and information leaks. The personal information that a company should protect must be properly managed and protected not only for the employees employed by the company but also for the personal information obtained in the course of business, and if there is a consignee, the management status of the consignee must also be of interest. In order to do so, it is necessary to focus not only on the introduction of the system, but also on the awareness of employees who handle information and the management status of outsourcing companies. In order to prevent scandals related to personal information, it will be important to improve information literacy throughout the company, and it will also be necessary to cooperate with outsourcing companies.
At ALG, we have extensive experience and track record in the laws and guidelines related to personal information. We can provide consistent legal support for the establishment of an internal system in accordance with the Personal Information Protection Act, such as the creation of a privacy policy and terms of use, the development of internal rules, and information literacy training, as well as for dealing with emergency problems such as information leakage.
The main services provided by ALG in connection with personal information are as follows.
- Preparation of various regulations concerning the handling of personal information
- Preparation of documents concerning utilization of personal information such as privacy policy and terms of use
- Legal advice on the use of personal information
- Internal training and seminars on the handling of personal information
- Response in case of trouble
- etc.
Please feel free to contact us if you have any questions other than those listed above.
Contact