Personal Information Protection Principles

[Note]
  • *
    Please note that this document is an unofficial translation and was prepared for reference purpose only. The original release is in Japanese.

SoftBank Corp. and WILLCOM OKINAWA, Inc. (hereafter collectively called “SoftBank”) works for implementation of the following matters to ensure full compliance with “Act on the Protection of Personal Information” (Act No. 57 of May 30, 2003) , “Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure” (Act No. 27 of May 31, 2013), “Guideline concerning Protection of Personal Information in Telecommunications Business”, “Guidelines for proper handling of Specific Personal Information (for private entities)”, “Personal Information Protection Management Systems – Requirements” (JISQ15001) and others to protect personal information.

1. Strengthened employees' training

Provide all of SoftBank employees and temporary staffers who handle personal data with training at least once a year as well as create learning materials on personal data handling to distribute to all of SoftBank employees and temporary staffers.

2. Development of company rules concerning personal data handling

Ensure that tough stance of SoftBank against leakage of personal data is fully communicated in SoftBank as well as develop company rules concerning personal data handling to present a clear policy for handling of personal data.

3. Placement and enhanced functions of “chief privacy officer”

Build up a structure with visible roles to comply with laws and guidelines, develop relevant company rules, build up an audit structure and oversee the handling of personal data as well as place “chief privacy officer” to appoint information security manager as such officer.

4. Implementation of appropriate measures for information security

Implement necessary and appropriate measures to administer access to personal data, limit taking-out of personal data and prevent unauthorized access from outside with intent to prevent personal data from being leaked, lost or damaged and safely control personal data.

5. Outsourced operations

  • (1)
    Outsource, in some cases, all or part of its personal data handling operations in sales of various services, response to customers' inquiries, facility maintenance, tariff-related works, marketing tasks and other related works.
  • (2)
    Fully examine the eligibility of outsourcing agents when concluding outsourcing agreements. Further, set out safety management measures, confidentiality, terms of subcontract and proper handling of personal data in such outsourcing agreements and oversee SoftBank's outsourcing agents in an appropriate manner by regularly monitoring outsourced operations.
    In addition, SoftBank complies with article 4 of the telecommunication business law concerning the secrecy of communication and other relevant regulations when providing third parties including outsourcing agents with telecommunication subscribers' information for those outsourced operations.
  • (3)
    Use personal data provided by an outsourcer in association with the acceptance of outsourced operations to the extent necessary for the purpose of the agreement with such outsourcer.

6. Setup/Enhancement of audit structure

Set up an audit structure which enables SoftBank to internally audit whether personal data is properly protected.
Further, study the implementation procedures for an access log-based audit because it is considered to be effective to detect a person who leaks personal data as early as possible and to prevent possible leaks from occurring with such restraining effects.

7. Proper acquisition, use, provision and announcement of personal information

Upon acquiring personal information, SoftBank legally and fairly obtains personal information by means of application forms, web site or verbal explanation upon clarifying the purpose of use of such personal information. Upon using and providing personal data, and upon announcing retained personal data, SoftBank properly performs the act by considering details and a scale of business.

8. Continuous improvement of personal information protection-related activities

Continuously attempt to review/improve the activities stated in paragraph 1 through 7 above.

9. Revision

SoftBank may revise all or a part of the present “Personal Information Protection Principles”. In the event of a material change, SoftBank announces it on its official web site in an easily comprehensible manner.

Coverage of “Personal Information Protection Principles”

“Personal information”, “personal data” and “retained personal data” in “Personal Information Protection Principles” means those words that are defined in the Act on the Protection of Personal Information, and the target doesn't matter whether it is the customer of SoftBank, employees of business partners or of SoftBank. “Personal Information Protection Principles” applies, unless otherwise stated in each paragraph, to all personal information acquired by SoftBank, and to all personal data managed by SoftBank.

Supplementary provisions

  • This Personal Information Protection Principles shall be enforced from April 1, 2005.
  • Revised on October 1, 2006
  • Revised on December 25, 2006
  • Revised on June 25, 2007
  • Revised on April 1, 2008
  • Revised on April 1, 2010
  • Revised on August 5, 2011
  • Revised on April 1, 2015
  • Revised on July 1, 2015
  • Revised on October 23, 2015
  • Revised on May 30, 2017

Ken Miyauchi
President & CEO
SoftBank Corp.