In relation to the "number"/My Number system (it is regrettable that many media outlets still refer to it as a "common number"), we hear voices from various organizations saying things like, "Allow the number to be used by the private sector!" and "Let us obtain the four pieces of information (name, date of birth, gender, and address)!"
Originally, I believe that data is valuable when it is put to use, so I understand the sentiment, but I also feel that simply saying it won't do much.
Has the groundwork for "utilizing the private sector" been laid?
That's what I want to say.
Tuesday, May 2011, 5, Keio University Mita Campus East Building 24FGIE Symposium held on "Considering the Common Number System and National ID System"
But as you mentioned, how do you ensure that the companies that receive this information handle it properly?
Of course, it may be okay for large companies that are members of a certain economic organization, but they are not the only companies in Japan. For example, if only large companies listed on the First Section of the Tokyo Stock Exchange were allowed to obtain it, we would have to say that the arrangement lacks fairness. There are many small companies that handle information more carefully than large companies. (On the other hand, there are also many large companies that do not handle it well.) In that case, a system is needed to review and guarantee that a company handles information properly.
This kind of framework that guarantees trust is called a Trust Framework.
Typical conditions that a trust framework should have include:
- There are clearly written and published screening criteria (organizational stability, information handling standards, etc.).
- There is an organization that certifies the people and organizations that carry out the review.
- There is a person or organization that will review the application.
- The person or organization being reviewed exists.
- The results of the review will be made public.
If we are to call for the private sector to use "numbers," we must first start by establishing such a trust framework.
Just saying "please" won't get you anywhere.
First of all, the private sector should take action to establish such a trust framework and demonstrate that information can be handled safely within it.[*1]
[*1] When talking about safety, we tend to only emphasize the security aspect, but it goes without saying that if the privacy aspect is not properly addressed as well, it cannot be called safe. When designing a system or business, you should always consider "security considerations" and "privacy considerations."