Host: Business Research Institute
Date: Tuesday, July 19, 2022, 13:30-17:00
Venue: Seminar room at Business Research Institute/Online
Reworking of Internal Systems/Rules and Practical Measures Concerning Information Management ~ The lecture covers the establishment of internal rules and points of employee education based on laws, corporate legal responsibilities, guidelines, etc. concerning information security ~
About the Seminar
Leaks of trade secrets and personal information, which are the source of companies’ competitiveness, show no sign of ending, and cyberattacks aimed at specific companies, such as ransomware, are running rampant. Reworking internal systems and rules for information management is a pressing task for many companies.
In this seminar, the lecturer clarifies the laws concerning information security that have been amended or revised in response to recent events, and the corporate legal responsibilities that may be imposed under those laws. Drawing on the various guidelines drawn up pursuant to the relevant laws, the lecturer also explains in practical terms the systems and rules that should be examined to minimize the risk of information leakage, and presents sample company regulations and points of employee education.
Contents
1. Recent trends surrounding cases of information leakage and the necessity to rework existing information management systems
(1) Leakage of trade secrets ~ Smuggling of manufacturing technology, research data, customer information, etc.
(2) Leakage of personal information ~ Mismanagement, erroneous operation/cyberattacks, data leakage from systems
(3) Cyberattacks ~ Ransomware, targeted e-mail attacks
(4) Legal obligations regarding information management that we can learn from judicial precedents
2. Laws, guidelines and practical measures for preventing the leakage of personal information
(1) Essential points on “safety control measures” under the Personal Information Protection Act ~ based on the Guidelines and Q&A
– Specific safety control measures (acknowledging organizational, personal, physical, technical or external environments) and the approach that should be taken
– Practical matters to note in the supervision of outsourced companies (provisions concerning further subcontracting, compensation for damages upon leakage)
(2) Company regulations (samples) and practical measures based on the Act and the Guidelines
3. Laws, guidelines, handbooks and practical measures for the protection of trade secrets
(1) Double-checking the Unfair Competition Prevention Act ~ Three requirements for being treated as trade secrets and penal provisions
(2) Points on the “Unfair Competition Prevention Act”
(3) Practical information management based on the “Guidelines for the Management of Trade Secrets”
– Specific examples of secret management measures (print media, electronic media, no use of any media, etc.)
– Measures for “employees, etc.,” “retirees, etc.,” “business connections” and “outsiders” described in the Handbook
(4) Company regulations (samples) and practical measures
– Tips for formulating “information management rules”
– Validity of non-competition clauses after retirement (regulations that are highly likely to be considered valid/invalid)
4. Realistic actions against cyberattacks and internal misconduct
(1) Responses based on “Cybersecurity Management Guidelines”
(2) A system to prevent internal misconduct
(3) Points for creating a system based on the “Secret Information Protection Handbook”
(4) Rules for responding to incidents
5. Establishment and integration of internal rules for information management
(1) How to integrate separately stipulated regulations for trade secrets and those for personal information
(2) Points on practical operations for stocktaking information assets
6. Review of systems and rules concerning information management, and points on employee education
(1) Review of systems and rules concerning information management
– Intensified monitoring and review and preparation of a written pledge and confidentiality agreement
– Company rules for using personal cellular phones/smartphones for business purposes (BYOD rules), etc.
– Regulations for addressing information leakage
(2) Points on effective employee education
– Raising management and employee awareness (enlightenment through consideration of actual cases and the amount of damages incurred by companies, punishment imposed on employees and class actions)
– Providing systematic and ongoing education and training for enhancing awareness and preparing training tools, curricula and manuals