Japan tightens personal data protection

Next month many companies throughout Japan, including foreign companies, will have to comply with legislation that sets out new rules for handling personal data.

The Personal Information Protection Law, effective April 1, applies to any company with offices in Japan that holds personal data on 5,000 or more individuals, according to Kazuhito Masui, an attorney at Shiba International Law Offices, a major international law firm based in Tokyo.

Personal data as defined by the law includes a person’s name, address, date of birth, sex, home and/or mobile phone numbers and also a person’s e-mail address if that address is recognizably the person’s name. The 5,000 minimum includes company employees, Masui said in an interview last week.

The law states a set of obligations for companies handling personal data, and Japan’s Ministry of Economy Trade and Industry (METI) has issued a set of guidelines on how to maintain data security, he said. Companies must designate a manager called a corporate privacy officer (CPO) and other staff to be responsible for meeting the provisions, and the law also sets fines of up to