Suddenly, I came across something that brought back a lot of memories. It was the minutes of the Information Collaboration Platform Technology Working Group meetings that had been held since the beginning of 2011. They are available here.
| The Personal Information Protection Working Group was established to consider matters related to the personal information protection mechanisms in the social security and tax number system and the national ID system (hereinafter referred to as "both systems"), and the Information Collaboration Platform Technology Working Group was established to examine technical matters common to both systems. In addition, in order to specifically consider the implementation framework of information protection evaluation under both systems, the Information Protection Evaluation Sub-Working Group has been established under the Personal Information Protection Working Group. |
□ Information Collaboration Platform Technology Working Group
○ Event status
| Meeting | Date | Agenda and handouts | Agenda |
|---|---|---|---|
| 1st | 2011 January 2 | Agenda and handouts | Agenda |
| 2nd | 2011 January 3 | Agenda and handouts | Agenda |
| 3rd | 2011 January 3 | Agenda and handouts | Agenda |
| 4th | 2011 January 4 | Agenda and handouts | Agenda |
| 5th | 2011 January 6 | Agenda and handouts | Agenda |
| 6th | 2011 January 6 | Agenda and handouts | Agenda |
| Meeting | Date | Event information | Agenda and handouts | Minutes |
|---|---|---|---|---|
| 7th | 2011 January 7 | Event information | Agenda and handouts | Minutes |
○ Interim report of the Information Collaboration Platform Technology Working Group
| Meeting | Date | Event information | Agenda and handouts | Minutes |
|---|---|---|---|---|
| XNUMXth | 2012 January 3 | Event information | Agenda and handouts | Minutes |
The members at that time were as follows. Professor Tezuka has finally become the Chairman of the Personal Information Protection Committee.
Around that time, Professor Yamaguchi was saying things like, "I'd like to carry a straw mat and go to the Ministry of Internal Affairs and Communications."
#If you don't record it will disappear
"Interim Report of the Information Collaboration Platform Technology Working Group" Briefing Materials
1. Introduction
This briefing document is based on the "Interim Report" (hereinafter, this document) compiled by the Information-Linking Platform Technology Working Group (hereinafter, "WG") on July 23, 7, and summarizes the status of technical considerations and major issues regarding the information-linking platform for the social security and tax number system (My Number System).
2. Background to the Establishment of the Working Group and its Role
- Purpose: In preparation for the establishment of a number system for social security and taxation, technical studies will be conducted on the construction of an electronic information processing organization (information sharing platform) for the exchange of personal information related to "numbers" in information sharing between agencies.
- Background: On January 23, 1, the Government and Ruling Party Social Security Reform Review Headquarters decided on the "Basic Policy on the Number System Related to Social Security and Taxation."
- Based on this basic policy, the "Personal Information Protection Working Group" and the "Information Collaboration Platform Technology Working Group" were established under the IT Strategy Headquarters Planning Committee.
- Since its first meeting on February 23, 2, the Working Group has held discussions a total of seven times.
- The "Social Security and Tax Number Outline" (April 4th) and the "Social Security and Tax Number Main Principles" (June 28th) have been formulated, and the number bill and other related bills are scheduled to be submitted to the Diet from this fall onwards.
- The nickname for the number has been decided as "My Number."
- Status of this document: The contents of the working group's study are in the conceptual design phase, and further study is required for the concrete system design in the future. However, for the purpose of budget requests, etc., the current contents of the study will be published as an "interim summary."
3. Role and Basic Concept of Information-sharing Platform
- Role: It is a social infrastructure for verifying information on the same individual that exists at multiple institutions, and provides the basic functions for using "numbers" in fields related to social security and taxes.
- Important considerations: Security measures, protection of personal information, operational stability, cost performance, variability, scalability, and flexibility of systems and business requirements.
- Future Outlook: In the future, we also plan to consider broader information sharing with administrative sectors other than social security and tax, as well as with private organizations.
- Information sharing definition: A system in which information on the same person managed by multiple institutions using their own "numbers" or other numbers is linked and mutually utilized.
- Access Obligations: When sharing information, the use of an information sharing platform must be made mandatory by law in order to clarify the type and reason for sharing of personal information.
- Transparency: To ensure that only approved procedures have access to the information-sharing platform and to ensure the transparency of procedures, logs of information-sharing procedures will be properly managed.
4. Numbering, number linkage and information linkage for individuals
4.1. Basic thinking (based on the spirit of the Supreme Court's constitutional ruling)
The Outline states that, based on the spirit of the Supreme Court's constitutional ruling on the Basic Resident Registration Network System (Jumin Ki Net) (March 20, 3), the following requirements must be met.
- ① Privacy protection: "Everyone has the freedom not to have personal information disclosed or published to a third party without due cause."
- Countermeasures: A law will be put in place that prohibits the content of personal information related to "numbers" from being disclosed to others without due cause, and penalties will be established for providing such information without a legitimate reason.
- ② Avoidance of centralized management of information: "There is no institution or entity that can centrally manage personal information."
- Countermeasure: Personal information to be shared is kept under distributed management in the databases of the information-holding institutions. The information sharing platform does not directly use the "number," which is widely used across "private-private-public" contexts. Instead, it uses a code that is used only by the information sharing platform and the information-holding institutions, so that the code cannot be guessed from the "number."
- ③ Identification of purpose of use based on laws and regulations: "Management and use are based on laws and regulations and are carried out within the scope of legitimate administrative purposes."
- Measures: The types of business that can use the "number," the types of business that can use the information sharing platform, the types of personal information provided, the sources and recipients of the information, etc. will be specified in law or ministerial ordinance to identify the scope and purpose of use.
- Check access records on My Portal: It will be possible to check the records of access to personal information related to "numbers" through the information sharing platform on My Portal.
- ④ Ensuring system security: "There is no specific risk that information may be easily leaked from the system."
- Countermeasures: Take sufficient security measures for the system, such as encryption processing when sharing information.
- ⑤ Strengthening penalties: "Any unauthorized use or leaking of secrets is prohibited by disciplinary action or criminal punishment."
- Measures: Strengthen penalties for the unauthorized use and collection of information by government officials, etc., and establish direct punishment provisions against unauthorized use and acquisition by private businesses, etc. Penalties for breach of confidentiality obligations will also be strengthened.
- ⑥ Establishment of a third-party organization: "By establishing a third-party organization, etc., we have taken institutional measures to ensure the appropriate handling of personal information."
- Measures: Establish a third-party organization with guaranteed independence to supervise national administrative agencies, etc.
4.2. Basic mechanism for numbering and information sharing
- Number Generation: A new number is generated that corresponds one-to-one with the resident registration code, so that it cannot be logically traced back to the resident registration code. To prevent duplicate numbering, the number is generated by a single entity.
- Number provided: The information holding institution checks the four basic pieces of information it holds (name, address, date of birth, and gender) against the four basic pieces of information in the Resident Registration Network, then receives a "number" from the number generation institution and links it to the database.
- Identifier when sharing information: In order to dispel concerns about national control and the tracking and matching of personal information, the "visible number" will not be used as a direct identifier during information sharing. Instead, a code that is used only by the information sharing platform and information-holding institutions is used as the identifier.
- Code assignment: The codes are assigned to information-holding institutions by the information-sharing platform after the institutions cross-check the four basic pieces of information held by them with the four basic pieces of information in the Resident Registration Network.
- Four basic information synchronization: In order to verify the authenticity of the four basic pieces of information related to the "number" and code, information-holding institutions will endeavor to synchronize the four basic pieces of information with the Resident Registration Network as frequently as necessary.
4.3. Information sharing
- Relationship between "number" and code: The information sharing infrastructure requires a system that conforms to the intent of the ruling, such as ensuring that there is no institution that can centrally manage personal information and that personal information is not disclosed without permission.
- Two options were considered as methods for generating the codes to be used in information sharing: the reversible encryption method and the code conversion table method.
- Five proposals were presented as identifiers for the subjects of information exchanged between the information sharing platform and information-holding institutions. Plan 1, which uses the "number" directly, was seen as problematic because of its huge impact on security and privacy, and the "Outline" also indicates a policy of not using it directly.
- Information sharing based on laws and regulations: The types of affairs for which information-holding institutions can request information through the information-sharing platform, the type of information to be provided, and the sources and recipients of the information will be stipulated in the Numbering Act or its Cabinet Orders and Ministerial Ordinances.
- Exceptions in the event of a disaster: "Information sharing through the information sharing platform will be possible when permission is obtained from a third-party organization for special reasons, such as responding to extremely abnormal and severe emergency disasters," but specific methods will need to be considered in the future.
- Data transmission method: Two methods were considered for data transmission between the querying institution and the queried information-holding institution: the gateway method, in which data passes via the information sharing platform, and the access token method, in which data is exchanged directly between the information-holding organizations. Because the use case analysis was insufficient, no decision was made at this time.
- No need for individual consent: The "Outline" states that the introduction of the number system will, in principle, not require the consent of the individual, but will stipulate the scope of use by law, etc., to prevent arbitrary use and to make the use procedures clear to the public in advance. However, if the consent of the individual is required for the exchange of highly sensitive personal information, etc., this will be stated in the law, etc.
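The two code-generation options named in 4.3, sketched in Python as an added example (this is not code from the Working Group or the report). Both variants give each institution a different code for the same person, never take the "number" as input, and let only the platform translate one institution's code into another's. The report does not specify either method, so everything here is an assumption: the class, function and institution names are hypothetical, the platform's random internal ID stands in for whatever the real design links codes to, and a small HMAC-based Feistel construction stands in for a real block cipher.

```python
import hashlib
import hmac
import secrets

HALF = 8     # bytes per Feistel half, so internal IDs and codes are 16 bytes
ROUNDS = 8

def _f(key, i, half):
    # Round function: HMAC-SHA256 under the institution's key, truncated.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, block, decrypt=False):
    if len(block) != 2 * HALF:
        raise ValueError("internal ID or code must be 16 bytes")
    left, right = block[:HALF], block[HALF:]
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            left, right = _xor(right, _f(key, i, left)), left
        else:
            left, right = right, _xor(left, _f(key, i, right))
    return left + right

class ReversibleEncryptionPlatform:
    """Keeps one secret key per institution and no per-person table."""
    def __init__(self, institutions):
        self._keys = {name: secrets.token_bytes(32) for name in institutions}

    def issue_code(self, institution, internal_id):
        return feistel(self._keys[institution], internal_id).hex()

    def translate(self, src, code, dst):
        internal_id = feistel(self._keys[src], bytes.fromhex(code), decrypt=True)
        return self.issue_code(dst, internal_id)

class ConversionTablePlatform:
    """Issues random codes and keeps every mapping in a table."""
    def __init__(self, institutions):
        self._institutions = set(institutions)
        self._code_of = {}   # (institution, internal_id) -> code
        self._id_of = {}     # (institution, code) -> internal_id

    def issue_code(self, institution, internal_id):
        if institution not in self._institutions:
            raise KeyError(institution)
        key = (institution, internal_id)
        if key not in self._code_of:
            code = secrets.token_hex(16)
            self._code_of[key] = code
            self._id_of[(institution, code)] = internal_id
        return self._code_of[key]

    def translate(self, src, code, dst):
        # Only codes this platform issued to `src` can be translated.
        return self.issue_code(dst, self._id_of[(src, code)])

def demo(platform):
    person = secrets.token_bytes(16)   # constructed internal ID, not the "number"
    tax = platform.issue_code("tax_office", person)
    pension = platform.issue_code("pension_office", person)
    return tax, pension, platform.translate("tax_office", tax, "pension_office")
```

In this sketch the reversible variant decrypts any well-formed 16-byte code to some internal ID, while the table variant raises KeyError for a code it never issued. The table, in exchange, is a per-person store that the platform has to protect.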
5. Access Records
- Self-information control: A system will be established on My Portal that allows individuals to check access records related to the exchange of personal information through the information sharing platform at any time.
- Log contents: It must include the date and time, subject, type of information, legal basis, etc.
- Roles: Since access records also contain personal information, appropriate roles will be assigned between the information sharing platform and the information holding institutions. Processing logs related to information sharing will be managed in a distributed manner.
- Third-party viewing and analysis: A third-party organization (a committee whose purpose is to protect personal information under the number system) will have the authority to investigate and view access records stored by the information sharing platform and information holding organizations as necessary.
6. My Portal, IC Cards, etc.
6.1. My Portal
- Role: This website will serve as a gateway to access information provided to the public, contributing to the realization of a society in which citizens have control over their own information.
- Function: ① Function to check access records for personal information related to one's "number"
- ② Function to verify personal information related to one's "number" held by each information holding institution
- ③ Function via electronic application (one-stop service)
- ④ Notification function from government agencies, etc. (push service)
- Information management: A strict management system and security measures are required. A system will be established to prevent the accumulation of personal information of users in user folders as much as possible.
- Login Authentication: Use the electronic certificate for authentication provided by the public personal authentication service. Also use the electronic certificate for signature when registering for the first time.
- Information retention: There are two ideas to be decided: collecting and storing information in advance, and collecting information from information-holding institutions after logging in. It is also necessary to consider a function to download information before logging out.
- One-stop service: We are considering a system whereby, for a typical service, a single electronic application would be submitted and the information would be sent to and processed by all necessary information-holding agencies.
- Proxy use: We are considering allowing legal representatives and voluntary representation in cases where it is difficult for the individual to request disclosure on their own.
- Away from home: We will consider various means of verification for those who do not have a computer at home or who have difficulty connecting.
6.2. IC Cards
- Purpose of issuance: Used to log in to My Portal and to verify your identity in person and online.
- Details: The "number," name, address, date of birth, gender, and photograph will be considered.
- Matters of record: Items under consideration include the "number," private keys and electronic certificates for the public personal authentication service (for signing and authentication), information related to the Resident Registration Network, and functions to comply with ordinances.
- Improvements (as outlined): Authentication purposes have been added to the public personal authentication service.
- The validity period of electronic certificates has been extended from 3 years to 5 years.
- Expanded ability for private businesses to electronically verify identities as signature verifiers.
- To ensure the authenticity of the "number," the "number" is written on the face of the IC card and recorded on the IC chip.
- Issuance: The cards will be issued after strict identity verification at city or town offices, and will be improved while utilizing the current Basic Resident Registration Card and public personal authentication services.
7. Numbering of Corporations
- Numbering target: National government agencies, local governments, corporations recorded in the registry of a registry office, corporations without registration established under laws and regulations, and those deemed to be corporations with the obligation to report and pay national and local taxes.
- Numbering method: Corporations etc. with registration will be numbered based on the company legal entity number, while corporations etc. without a registration will be assigned a unique number.
- Change of Corporate Number: Due to the change in the system of corporate numbers, the corporate number will not change. Numbers that have been used once will not be reused.
- Notification: The corporate number will be notified to the corporation in question in writing.
- Search and browse: The Corporate Number should be made public and used widely by both the public and private sectors. The numbering agency should provide a search and viewing service for the three basic pieces of information on corporations (trade name or name, head office or main office address, and corporate number) on its website.
- Relation to company code: The Corporate Number will be positioned as the basis for the development and utilization of corporate codes (corporate identification numbers), and efforts will be made to reduce the number of official documents required for administrative procedures. Corporate codes should have the following characteristics: comprehensiveness, uniqueness, consistency, non-reusability, openness, referentiality, and non-transferability.
8. Social Security Affairs
- Characteristics of the medical and nursing care sector: In the medical and nursing care fields, there are a large number of information-holding institutions (approximately 18 medical facilities and approximately 26 nursing care service facilities and businesses), and the amount of information exchanged is huge. In addition, this includes private medical institutions, etc. Together with special legal measures, a special technical design will be considered with the aim of making the system more efficient in terms of load and cost.
- Protection of sensitive information: With regard to the handling of particularly sensitive medical information, a special legal system will be established in conjunction with the Number Act, as a special law to the Personal Information Protection Act or the Number Act, that will stipulate special measures that take into account the sensitivity and characteristics of the information.
9. Points to note and schedule for future development
- Time constraints and caution: The overall schedule is tight, but because this is a new system that connects a wide range of institutions, careful consideration is required.
- Start small and prototype: We should aim to reduce total costs by starting small from what we can do and avoiding backtracking in design and development by developing prototypes and conducting demonstration experiments.
- Cost-effective: When designing and developing the technology for a system, etc., it is necessary to take into full consideration the cost-effectiveness.
- Future schedule (target outline): From autumn 23 onwards: The numbering bill and related legislation will be submitted to the Diet as soon as possible.
- After the bill is enacted: A third-party organization will be established as soon as possible and operations will commence.
- June 26: Individuals are issued a "number" and corporations etc. are issued a "corporate number."
- From January 27: Among the fields that use numbers, the use of numbers will begin to the extent possible in the fields of social security and taxation.
- Aiming for 30: Taking into account the enforcement status of the Numbering Act to date, a review of the Numbering Act, including an expansion of its scope of use, is being considered.
- Future challenges: Promptly proceed with use case analysis and identify necessary functions and performance requirements.
- Consider building an information sharing platform based on the type of information-holding organization (national government, local government, private organization) and the type and amount of information handled.
- We will study performance targets for information sharing platforms, etc., and ensure that processing performance is sufficient for practical use.
- Extract major system components and define an IT system structure that satisfies functional requirements.
- Consider security measures and business continuity measures (backups, etc.) as non-functional requirements.
10. Conclusion
The Working Group has been making repeated studies on the construction of an information sharing infrastructure, making use of the experience and knowledge of information technology experts. At present, the analysis of the scope of information sharing and specific use cases is insufficient, and the requirements for the functionality and performance required for the information sharing infrastructure have not yet been identified. Going forward, there is a strong demand to proceed with the analysis of use cases as soon as possible and for the government to vigorously proceed with the study on the construction of an optimal system.