Protecting Customer
Information

Protecting Customer Information Protecting Customer Information

We rigorously manage and monitor security to safeguard customer information from leaks and cyberattacks and to provide our customers secure products and services.

Protecting personal information

SoftBank gives significant consideration to human rights with the handling of personal information in accordance with the Act on the Protection of Personal Information and other legal frameworks in Japan. We are a corporate member of an accredited personal information protection organization (Japan Data Communications Association) and adhere to the Personal Information Protection Guidelines for telecommunications businesses, taking the lead in protecting customer privacy.

Governance

The CISO, which is composed of members appointed by the Board of Directors, takes the role of the personal information protection officer to implement the Personal Information Protection Management System - Requirements (JISQ15001). When the personal information protection officer receives a request regarding personal information from an administrative authority, the officer is responsible for confirming the validity of the request. In accordance with laws and regulations, we obtain the consent of the individual concerned before providing the person’s information to a third party.

Personal Information
Protection Management System

In order to prevent personal information-related human rights violations, SoftBank follows the Personal Information Protection Management System, limiting the acquisition, use and provision of human rights-related information, and carrying out regular risk assessments regarding the appropriate use of such.

When a risk is detected, we take appropriate action and follow up by monitoring and making constant improvements to minimize the risk. If a human rights violation occurs in relation to personal information, we promptly investigate and implement necessary corrective actions. If a human rights violation occurs in relation to personal information as a result of providing that personal information to a third party, we take necessary measures, including, but not limited to, setting up a point of contact to offer remediation to the individual concerned.

Reports

In fiscal 2020, there were no leaks of personal information, use of personal information for other purposes (secondary purposes), complaints, or other legal violations reported to authorities or other parties. In the event of any legal violations, such as leaks of personal information, we will post an announcement on our website.

Rigorous
information management

Rigorous information management

SoftBank has established five-tiered security areas ranging from level 1 to 5 in our facilities, applying strict controls in accordance with each level. Levels 3 and above are considered “high-security areas.” Significantly important data, such as personal information and telecommunications secrets, are exclusively handled in these areas.

For example, in the Customer Support Center, which is designated as a high-security area, we strictly control security under the rules specifically designed for these areas, authorizing entry and exit to the facilities by security guards and passes, and keeping prohibited items from being brought in to the facilities.

Additionally, our operations fully adhere to ISO27001, the international standard for information security management systems. We undergo an external audit twice a year based on ISO27001 to confirm that our information security management is appropriately run, including compliance with our Privacy Policy.

[Note]
  • *
    Click here for more information on the scope of registration.

Security monitoring

  • Security monitoring Security monitoring

To protect our customers’ information and the equipment used to provide telecommunication services, security analysts are monitoring security at our Security Operation Center (SOC) 24 hours a day, 365 days a year.
As measures against cyberattacks, we monitor DoS attacks on our telecommunications service equipment and infiltration into devices connected to our equipment, detect malware infections of our employees’ computers and their access to unauthorized websites, and watch for attacks that could exploit vulnerabilities in our in-house systems. We also deter employees from stealing information and using unauthorized devices.

Protecting usage
environment of customers

We make a variety of efforts to provide our customers with comfortable experiences in their use of our mobile phone, smartphone and Internet services.

Security measures

We provide a variety of security measures to protect our customers from potential risks, such as viruses, spyware, and one-click fraud.

Viruses

Smart Security powered by McAfee® protects customers’ smartphones from being damaged by viruses. This service detects viruses that can infiltrate smartphones through installed applications, e-mail attachments, and microSD memory cards.

One-click fraud

SagiWall/Internet SagiWall detects dangerous websites, such as the ones designed for one-click fraud schemes, when customers use the Internet. This service constantly monitors websites being browsed and displays a warning screen when a user attempts to access a suspected dangerous website.

Security protection

BB Security is a service for the users of the “SoftBank Hikari” and “SoftBank Air” home Internet services that constantly maintains the latest security environment for their smartphones and computers.

Sniffing/Hacking

Security Checker protects customers’ smartphones when they are connected to a telecommunications network, such as through public WiFi, by keeping their important data and detecting risks such as sniffing and wiretapping.

Spam mail

To protect against malicious e-mails such as spam and fake bills unexpectedly sent to mobile phones or smartphones, we automatically examine the content of these e-mails based on our accumulated database of spam and provide our customers with spam filters that block the receipt of these kinds of e-mails. We have also set up a reporting center where our customers can report any spam e-mails they have received by simply forwarding them. When it is confirmed that they were sent from a SoftBank registered address, we may take strict measures against the address owner, including suspension or cancellation of our service.

Unauthorized access

There are increasing cases of malicious third parties gaining unauthorized access to personal information, such as bank account numbers, credit card numbers, and login IDs and passwords, after customer devices are infected with viruses or they access URLs in the bodies of e-mails. We are strengthening security to protect our customers' personal information by preventing stolen information from being used for unauthorized access to My SoftBank and My Y!mobile member sites, where they can manage their accounts.

Passcode

Customers can change their settings in such a way that the passcode they specified when signing the contract is required for logging into My SoftBank or My Y!mobile.

One-Time password

When a customer uses a payment option called SoftBank/Y!mobile Matomete Shiharai , SMS (e-mail) is sent to his/her phone with an authorization code. This code is valid for one time only, and is only known to the registered user.

Unauthorized access

In order to prevent unauthorized access, such as identity impersonation, when a customer attempts to use some options available on My SoftBank or My Y!mobile membership sites, we may send a SMS or e-mail to confirm his/her status in the of usage of our services.

Supporting corporate
customers’ security

SoftBank provides various security services tailored to the environments of our corporate customers.