Summary of the 281st Personal Information Protection Commission Document 2 "Considerations based on the Personal Information Protection Act's so-called three-year review provisions (how to more effectively protect the rights and interests of individuals③)" (April 6, 4, Personal Information Protection Commission Secretariat)

The following is an AI-generated summary by Otia.AI of the 281st Personal Information Protection Commission Document 2 "Personal Information Protection Act: Considerations based on the so-called three-yearly review provisions (how to more effectively protect individual rights and interests③)". Please note that it is posted as-is, without modification, to introduce the capabilities of Otia.ai.

Disciplinary measures for businesses that submit opt-out notifications①

  • Current legal regulations (regulations at the time of provision)
    • As a general rule, personal information handling businesses must not provide personal data to third parties without the consent of the individual.
    • However, if certain conditions are met and a report is filed with the Personal Information Protection Commission, the information may be provided without the individual's consent.
    • The regulations were established to allow for the active distribution of personal information and to strike a balance between its protection and use.

Regulations concerning businesses that submit opt-out notifications②

  • Current legal regulations (regulations at the time of provision)
    • Opt-out notification businesses must make their name, address, and the method for stopping provision of information easily accessible to individuals.
    • "Easily accessible to the individual" refers to information being easily accessible on an ongoing basis.
    • Examples include posting it on the website or displaying it at the office counter.

Disciplinary measures for businesses that submit opt-out notifications③

  • Current legal regulations (regulations at the time of provision)
    • If there is a risk that the recipient business may encourage illegal or improper activities, this constitutes improper use.
    • The obligation to record does not include the purpose of use of the information or the method of identifying the recipient.

Disciplinary measures for businesses that submit opt-out notifications④

  • Current legal regulations (regulations at the time of acquisition)
    • Personal information handling entities must not obtain personal information by false pretenses or other illegal means.
    • When receiving personal data from a third party, you are obligated to verify how it was acquired.

Regulations concerning businesses that submit opt-out notifications⑤

  • Background of the amendment
    • Amended in 27
      • In order to prevent illegally obtained personal information from being resold to list companies, it has become mandatory to verify how the information was obtained.
    • Reiwa 2nd year amendment
      • It is now prohibited to provide illegally obtained personal data through opt-out provisions.
      • The use of personal information in a manner that facilitates illegal or improper activities is prohibited.

Disciplinary measures for businesses that submit opt-out notifications⑥

  • Emergency Plan
    • With the increase in specialized frauds, it became necessary to prevent the leaking of name lists by properly enforcing the Personal Information Protection Act.
    • Crackdowns have been stepped up on unscrupulous "list brokers" who provide lists to criminal groups.

Regulations concerning businesses that submit opt-out notifications⑦

  • Survey 1
    • Regarding how to ensure that the information to be notified is easily accessible to individuals, approximately 2% of businesses did not give a clear, specific answer.
    • Approximately 2% of businesses did not provide any specifics regarding how they would verify that the business providing the personal information had acquired it through appropriate means.

Disciplinary measures for businesses that submit opt-out notifications⑧

  • Survey 2
    • Approximately 3% of businesses have not confirmed that the recipients of their information do not encourage illegal or inappropriate activities.
    • Approximately 3% of businesses do not conduct identity verification procedures on recipients of personal information.

Disciplinary measures for businesses that submit opt-out notifications⑨

  • Examples of inappropriate behavior
    • Business Planning Ltd.
      • They sold the list to scalpers and did not create records.
    • Chuo Business Services Co., Ltd.
      • They did not keep a record of the names or addresses of the recipients.
    • Free Business Co., Ltd.
      • No checks were made when the information was received, and no records were kept.

Regulations concerning businesses that submit opt-out notifications⑩

  • Examples of personal information illegally taken out
    • Case A
      • An employee of the third subcontracted company illegally copied data from the resident register and sold it to a list company.
    • Case B
      • Customer information was illegally obtained and sold to a list broker.
    • Case C
      • Customer information was illegally taken and sold to a list broker.
    • Case D
      • Personal data was illegally taken and sold to a list broker.

Disciplinary measures for businesses that submit opt-out notifications⑪

  • Frequently Asked Questions
    • Isn't the very fact that the sale of name lists is permitted a problem?
    • In many cases, when you contact list providers, they refuse your request or the request to suspend service is not implemented.
