Personal Information Protection Principles
- *Please note that this document is an unofficial translation and was prepared for reference purpose only. The original release is in Japanese.
SoftBank Corp. and WILLCOM OKINAWA, Inc. (hereafter collectively called “SoftBank”) works for implementation of the following matters to ensure full compliance with “Act on the Protection of Personal Information”, “Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure”, “Guideline concerning Protection of Personal Information in Telecommunications Business”, “Guidelines for proper handling of Specific Personal Information (for private entities)”, “Personal Information Protection Management Systems – Requirements” (JISQ15001) and others to protect personal information.
1. Strengthened employees' training
Provide all of SoftBank employees and temporary staffers who handle personal data with training at least once a year as well as create learning materials on personal data handling to distribute to all of SoftBank employees and temporary staffers.
2. Establishment of internal rules
for the handling of personal data
We will establish internal regulations regarding the handling of personal data and clearly state our policy regarding the handling of personal data. In addition, we will ensure that everyone in the company is aware of our strict stance against leaks of personal data and in the event of a leak, we will take appropriate measures, including disciplinary action, based on the employment regulations.
3. Placement and enhanced functions
of “chief privacy officer”
Build up a structure with visible roles to comply with laws and guidelines, develop relevant company rules, build up an audit structure and oversee the handling of personal data as well as place “chief privacy officer” to appoint CISO as such officer.
4. Implementation of appropriate
information security measures
In order to prevent leakage, loss, or damage of personal data and for other safe management of personal data, we will take necessary and appropriate measures such as managing access to personal data, restricting the removal of personal data and taking other measures to prevent unauthorized access from outside. In addition, personal data will be retained for the necessary period of time to achieve the purpose of use (including the time period required by law).
5. Outsourced operations
- (1)Outsource, in some cases, all or part of its personal data handling operations in sales of various services, response to customers' inquiries, facility maintenance, tariff-related works, marketing tasks and other related works.
- (2)Fully examine the eligibility of outsourcing agents when concluding outsourcing agreements. Further, set out safety management measures, confidentiality, terms of subcontract and proper handling of personal data in such outsourcing agreements and oversee SoftBank's outsourcing agents in an appropriate manner by regularly monitoring outsourced operations.
In addition, SoftBank complies with article 4 of the telecommunication business law concerning the secrecy of communication and other relevant regulations when providing third parties including outsourcing agents with telecommunication subscribers' information for those outsourced operations.
- (3)Use personal data provided by an outsourcer in association with the acceptance of outsourced operations to the extent necessary for the purpose of the agreement with such outsourcer.
6. Setup/Enhancement of audit structure
Set up an audit structure which enables SoftBank to internally audit whether personal data is properly protected.
Further, study the implementation procedures for an access log-based audit because it is considered to be effective to detect a person who leaks personal data as early as possible and to prevent possible leaks from occurring with such restraining effects.
7. Proper acquisition, use, provision
and announcement of personal information
Upon acquiring personal information, SoftBank legally and fairly obtains personal information by means of application forms, web site or verbal explanation upon clarifying the purpose of use of such personal information. Upon using and providing personal data, and upon announcing retained personal data, SoftBank properly performs the act by considering details and a scale of business.
If SoftBank receives personal information from a third party, SoftBank complies with the laws regarding the protection of personal information, respects the philosophy of personal information protection of the provider, Will be handled according to the conditions stipulated in the contract concluded between the two.
8. Continuous improvement of personal information
Continuously attempt to review/improve the activities stated in paragraph 1 through 7 above.
SoftBank may revise all or a part of the present “Personal Information Protection Principles”. In the event of a material change, SoftBank announces it on its official web site in an easily comprehensible manner.
“Personal Information Protection Principles”
“Personal information”, “personal data” and “retained personal data” in “Personal Information Protection Principles” means those words that are defined in the Act on the Protection of Personal Information, and the target doesn't matter whether it is the customer of SoftBank, employees of business partners or of SoftBank. “Personal Information Protection Principles” applies, unless otherwise stated in each paragraph, to all personal information acquired by SoftBank, and to all personal data managed by SoftBank.
- This Personal Information Protection Principles shall be enforced from April 1, 2005.
- Revised on June 9, 2021
- Please click here (Japanese) to find the previous revised rules.
President & CEO