Host: SHOJIHOMU Co., Ltd.
Available period: Thursday, May 26, 2022, 10:00 – Tuesday, July 26, 2022, 17:00 (Sign-up deadline: Tuesday, July 19, 2022, 17:00)
Venue: Webinar
Learn in Three Hours: The Basics and Practical Operations to Address the Personal Information Protection Act
The Personal Information Protection Act sets forth rules that are relevant not only to B2C companies but also B2B companies when they conduct business. Even if personal information is not the subject of the business, the Act should be observed in terms of relationships with employees and business partners. In addition, the utilization of company-held data in business has been increasing, particularly, in recent years, and personal information must come to mind first when thinking of such data.
This lecture aims at helping the listeners grasp the points for observing the rules under the Personal Information Protection Act and for making the most of personal information as data. For that purpose, the lecturer first explains the basic core ideas and then explains the actual measures to take in situations assumed by the Act so that the listeners can understand how to respond to such situations.
Along with the changes in values and technologies in this globalized society, rules surrounding the data called “personal information” continue to develop. Through this lecture, please learn the basics of the Act that enable you to keep up with future changes.
Main topics:
I. What is the Personal Information Protection Act?
1. To begin with, what are the rules for? ~ Protect individuals’ rights and interests while considering the usefulness of information ~
2. Essential keywords ~ “Personal information” and “personal data” ~
3. Differences from so-called “privacy”
4. What is the Personal Information Protection Commission?
5. Relationship with international rules, and distinctiveness of Japanese rules
6. Rules that should be observed together with the Personal Information Protection Act
II. Points to be checked situation by situation
1. “Acquisition”
– Specification and notification, etc., of the purpose of use ~ Placing advertisements by analyzing browsing history ~
– Change of the purpose of use ~ Is it possible to subsequently add direct mail as a purpose? ~
– Inappropriate acquisition ~ Is it unlawful to obtain information for which the information provider has not obtained consent? ~
2. “Use”
– Prohibition of use for other purposes
– Prohibition of inappropriate use ~ What is the risk of facilitating wrongful acts? ~
3. “Saving/management”
– Safety control measures ~ Cases where it is necessary to study foreign personal information protection legislation ~
– Supervision of outsourced companies ~ Points to be checked in the provisions of the service contract ~
– Actions to take in the event of leakage ~ Situations that require notification to the principals ~
4. “Provision”
– Provision to a third party ~ Is consent necessary for sharing information internally? ~
– Outsourcing ~ Basis of the distinction between outsourcing (which does not require consent) and provision to a third party (which requires consent)
– Shared use ~ Is it okay to share personal data obtained in the past? ~
– Provision to a third party in a foreign country ~ What to state on the screen when requesting consent ~
5. Exercise of rights by a principal
– Items of retained personal data to be disclosed
~ Use of cloud services and posting the privacy policy ~
– Request for disclosure ~ How to respond to a principal’s request to disclose all of his/her personal information ~
– Request for suspension of use, etc.
~ How to respond to a principal’s request to delete all of his/her personal information ~
6. Company rules and privacy policy
– Personal information handling regulations – Privacy policy
