Sanno Park Tower 12F (Reception) and 14F,
11-1, Nagatacho 2-chome, Chiyoda-ku,
Tokyo 100-6114, Japan

Tokyo Metro Ginza Line: G06 Tameike-sanno Station, Exit 7 (directly accessible through the second basement)

Tokyo Metro Nanboku Line: N06 Tameike-sanno Station, Exit 7 (directly accessible through the second basement)

Tokyo Metro Chiyoda Line: C07 Kokkai-gijido-mae Station, Exit 5 (3 minutes’ walk)

Tokyo Metro Marunouchi Line: M14 Kokkai-gijido-mae Station, Exit 5 (10 minutes’ walk through Chiyoda Line platform)



Hiroyasu Kageshima delivered a lecture on the Personal Information Protection Act.

Available Period: From 10:00 Thursday, September 15, 2022 through 17:00 Monday, October 17, 2022
Sign-up Deadline: Tuesday, October 04, 2022
Venue: Online

The Basics and Practical Operations to Address the Personal Information Protection Act

~ Samples of privacy policies and consent language will be distributed ~

Outline of the Seminar

The 2020 Amendment to the Personal Information Protection Act was enforced on April 1, 2022. In this seminar, the lecturer explains what companies should do, so that companies can confirm there are no omissions. Specifically, the lecturer explains which parts of privacy policies must be revised and what language should be used for such revision or for obtaining consent with respect to cross-border transfers or individual-related information, by referring to actual cases. The lecturer also examines the use of pseudonymized information in business based of specific data.


1. Tighter regulations regarding the acquisition and use of personal information

 (1) Designation of the purpose of use

 - How to describe the purpose of use to analyze information

 (2) Prohibition on inappropriate use

 - What is “inappropriate use”?

2. Safety control measures

 (1) External Environment

 (2) Obligation to report leakage, etc.

 - Relationship with suspension of use/deletion, etc.

 (3) Clauses to be included in contracts with service providers

3. Provision to a third party

 (1) Distinction between provision to a third party and outsourcing

 (2) Tighter regulations on cross-border transfers

 - How to explain the personal information protection legislation

 - Points with respect to revising the provisions of the Data Transfer Agreement (DTA)

 (3) Matters that need to be addressed when a transfer is not considered as “provision” (such as the use of PaaS)

4. Rights of the principal

 - Amendments

 - Practice of identification of the principal when responding to requests for disclosure, etc.

5. Providing “individual-linked information”

 - Cookies and “individual-linked information”

 - Acquisition of attribute information from public DMP and new regulations

 - Language for obtaining consent

6. Pseudonymized information

 - What is pseudonymized information?

 - Related regulations

 - In what situations can it be used?

 - Shared use of pseudonymized information