Japan's Personal Information Protection Act report

This report displays issues found on your site concerning Japan's Personal Information Protection Act. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.

Why it matters

This law was adopted because of the dramatic expansion in the use of Personal Information in conjunction with the development of high-level information communication in modern society. For companies doing business in Japan, this Act protects individuals' rights and welfare while preserving the usefulness of personal information.

It also explicitly states the duties of the national government and local public entities, as well as sets forth obligations to be upheld by businesses which handle Personal Information.

  • Personal Information - as used in this law means information that relates to living individuals and which can be used to identify specific individuals by name, date of birth, or other description (including that which can be easily compared with other information and thereby used to identify specific individuals).
  • Businesses Handling Personal Information - refers to a person who uses Personal Information Databases for business operations, excluding the exempt entities.
  • Principal - as used with respect to Personal Information refers to a specific individual identified by Personal Information.
  • Entities Exempted from the law: (1) Broadcasting institutions, newspapers, news agencies and other reporting organs (including individuals such as freelancers whose business is reporting) using personal information for reporting purposes. (2) Authors using personal information for the purpose of producing literary works. (3) Colleges, universities and other academic institutions using personal information for the purpose of academic studies. (4) Religious organizations using personal information for the purpose of religious activities. (5) Political organizations using personal information for the purposes of political activities.