March 10, 2021 Measures (Administrative Guidance) against Rakuten Mobile, Inc. for Thorough Protection of Personal Information and Secrecy of Communications

Today, the Ministry of Internal Affairs and Communications (MIC) gave administrative guidance in writing to Rakuten Mobile, Inc. (headed by YAMADA Yoshihisa, Representative Director and President) regarding the leakage of personal information and secrecy of communications that it caused. In the administrative guidance, MIC instructed Rakuten Mobile, Inc. to thoroughly protect the confidentiality of personal information and the secrecy of communication, to promptly take measures including recurrence prevention measures, and to report the result of the implementation thereof.

1. Background

According to a report from Rakuten Mobile, Inc., on its service named Rakuten Link application, Rakuten Mobile found a case of personal information leakage (Case 1) in October 2020, and a case of personal information and secrecy of communications leakage (Case 2) in November 2020, respectively. Rakuten Mobile investigated the causes and considered recurrence prevention measures, and submitted a final report on both cases on February 16, 2021.
In Case 1, the information (registered name, profile image, and contact information) registered by users who already canceled the line subscription was viewable on the said application to new line subscribers who were given the same numbers.
In Case 2, other users’ information (sending and receiving call history, registered name, profile image, phonebook, chat history) was viewable to users who newly started using the said application while the system was being rebooted for maintenance for the functional enhancement of the said application.

2. Details of the Measures

In both cases, Rakuten Mobile, Inc. violated the security control action obligation stipulated in Article 20 of the Act on the Protection of Personal Information (Act No. 57 of 2003) and Article 11 of the Guidelines for Protection of Personal Information in Telecommunications Business (MIC Notice No. 152 of 2017). Furthermore, it is recognized that the leakage of the secrecy of communications stipulated in Article 4, Paragraph 1 of the Telecommunications Business Act (Act No. 86 of 1984) occurred in Case 2. Therefore, today, MIC gave this administrative guidance in writing to Rakuten Mobile to drastically review its system, business management, security control measures, supervision of contractors, training for its employees, contractors, etc., and to strive to prevent a recurrence.
MIC will continue striving for necessary guidance and supervision to ensure the proper handling of personal information held by telecommunications carriers.

Contact

For further information about this press release, please fill in the inquiry form and submit it to MIC on the website
https://www.soumu.go.jp/common/english_opinions.html

International Policy Division, Global Strategy Bureau, MIC

TEL: +81 3 5253 5920

FAX: +81 3 5253 5924