2021.11.17

Hiroyasu Kageshima delivered a lecture on the reworking of internal systems/rules and practical measures concerning information management.

Hiroyasu Kageshima delivered a lecture titled “Reworking of Internal Systems/Rules and Practical Measures Concerning Information Management.”

The outline of the lecture is as follows:

Host: Business Research Institute

Date: Wednesday, November 17, 2021, 13:30 – 17:00

Venue: Seminar room at Business Research Institute or Online

Lecturer: Hiroyasu Kageshima

Reworking of Internal Systems/Rules and Practical Measures Concerning Information Management

~ The lecture covers the establishment of internal rules and points of employee education based on laws, corporate legal responsibilities, guidelines, etc. concerning information security ~

Leaks of trade secrets and personal information, which are the source of companies’ competitiveness, show no sign of ending, and cyber-attacks aimed at specific companies are rampant. Reworking internal systems/rules concerning information management is a pressing task for many companies.

In this seminar, the lecturer clarifies the laws concerning information security that have been amended or revised in response to recent events, and the corporate legal responsibilities that may be imposed under those laws.

The lecturer also explains in a practical manner (based on various guidelines, etc. drawn up pursuant to the relevant laws) the systems and rules that should be examined to minimize the risk of information leakage, and presents sample company regulations and points of employee education.

1. Recent trends surrounding cases of information leakage and the necessity to rework existing information management systems
(1) Leakage of trade secrets ~ Smuggling of manufacturing technology, research data, customer information, etc.
(2) Leakage of personal information ~ Mismanagement, erroneous operation/cyber-attacks, data leakage from systems
(3) Cyber-attacks ~ Targeted email attacks, rampant indiscriminate attacks
(4) Legal obligations regarding information management that we can learn from judicial precedents
2. Laws, guidelines, handbooks and practical measures for the protection of trade secrets
(1) Double-checking the Unfair Competition Prevention Act ~ Three requirements for being treated as trade secrets, and penal provisions
(2) Points on the “Unfair Competition Prevention Act”
(3) Practical information management based on the “Guidelines for the Management of Trade Secrets” and the “Secret Information Protection Handbook”
 - Specific examples of secret management measures (print media, electronic media, no use of any media, etc.)
 - Measures for “employees, etc.,” “retirees, etc.,” “business connections” and “outsiders” described in the Handbook
(4) Company regulations (samples) and practical measures based on the Act, the Guidelines and the Handbook
 - Identification of information assets as the basis for company regulations, the method for such identification, the establishment of an internal organization system, and the dissemination thereof to employees
 - How to organize various regulations such as “confidential information management regulations,” “document management regulations” and “personal information handling regulations”
 - Validity of non-competition clauses after retirement (regulations that are highly likely to be considered valid/invalid)
3. Laws, guidelines and practical measures for preventing the leakage of personal information
(1) Essential points on “safety control measures” under the Personal Information Protection Act ~ based on the Guidelines and Q&A
 - Specific safety control measures (organizational, personal, physical or technical) and the approach that should be taken
 - Practical matters to note in the supervision of outsourced companies (provisions concerning further subcontracting, compensation for damages upon leakage)
(2) Company regulations (samples) and practical measures based on the Act and the Guidelines
4. Realistic actions against cyber-attacks
(1) Responses based on “Cybersecurity Management Guidelines”
(2) Practical matters to note based on actual incidents
5. Establishment and integration of internal rules for information management
(1) How to integrate separately stipulated regulations for trade secrets and those for personal information
(2) Points on practical operations for stocktaking information assets
6. Review of systems and rules concerning information management, and points on employee education
(1) Review of systems and rules concerning information management
 - Intensified monitoring and review and preparation of a written pledge and confidentiality agreement
 - Company rules for using personal cellular phones/smartphones for business purposes (BYOD rules), etc.
 - Regulations for addressing information leakage
(2) Points on effective employee education
 - Raising management and employee awareness (enlightenment through consideration of actual cases and the amount of damages incurred by companies, punishment imposed on employees and class actions)
 - Providing systematic and ongoing education and training to enhance awareness, and preparing training tools, curricula and manuals