Measures to be Taken pertaining to Thorough Proper Management of Personal Information for NTT Docomo, Inc., KDDI Corporation and Softbank Mobile Corp. (Administrative guidance)

1.Outline of cases

  According to the reports from NTT Docomo, Inc., KDDI Corporation and Softbank Mobile Corp. (hereinafter “three mobile-phone carriers”), employees of their trustees leaked illegally-obtained personal information on customers managed by the respective companies using customer information management system terminals and provided third parties with said personal information in each trustee.
 

2.Content of measures

  These cases violate the obligation of security control measures and the obligation of supervision as prescribed in the Act on the Protection of Personal Information (Act No.57 of 2003) and the Guidelines for the Protection of Personal Information in the Telecommunications Business (MIC Notice No.695 of 2004). Therefore, on November 9, 2012, the MIC requested the three mobile-phone carriers in writing to commit to preventing reoccurrence by thoroughly reviewing state of security control measures for the handling of personal information, state of supervision and audit of trustees such as agents, and state of trainings provided to employees of trustees, etc.
  The MIC will continue to provide necessary instruction and supervision in order to ensure the proper handling of personal information held by telecommunications carriers.