Initiatives for Protecting Personal Information
Japan Post Insurance recognizes the importance of information security management and promotes measures to prevent the leakage or loss of information due to inappropriate handling and the leakage of information due to unauthorized access and to secure and manage personal information of customers.
In order to enhance our information security management systems, we have appointed the Executive Officer in charge of the Compliance Control Department as Chief Information Security Officer, or the CISO, and have established an Information Security Committee led by the CISO as the committee chairman and periodically hold meetings of the Information Security Committee.
The Information Security Committee discusses matters concerning policies in relation to information security management (including matters concerning the protection of personal information) and the maintenance and operation of information security management systems. The CISO reports material matters discussed at meetings of the Information Security Committee to the Management Committee and the Audit Committee.
Moreover, we manage information security on a company-wide basis through the Information Security Control Office established under the CISO, which is charged with overall control of information security, and the System Planning Department, which is charged with the management of system security. In addition, by designating an individual responsible for information protection in each division, we maintain systems to implement information security management at each division.
1. Compliance with laws and regulations
2. Purpose of using personal information
The Company specifies the purposes of using personal information and uses this information solely for achieving these purposes.
The Company may use personal information for the following purposes.
- Underwriting, renewing and maintaining and managing various insurance policies, and making claims and benefits payments
- Notifying and providing various products and services, including those of its subsidiaries and business partners, and maintaining and managing contracts
- Providing information on and operating and managing the Company’s business, and enhancing its products and services
- Other operations related or attached to the insurance business
Specific personal information, that means personal information that includes the individual numbers, in particular, is to be used by the Company solely for purposes prescribed by laws. The Company may use specific personal information for the following purposes.
- Administrative procedures related to preparation of payment records for insurance transactions
- Administrative procedures related to tax exemption for asset formation insurance policies
3. Acquisition of personal information
The Company acquires personal information, within the scope necessary to attain the purposes listed above, using methods that are legal and proper.
4. Security measures for management of personal information
Fully recognizing that the Company acquires and uses customers’ healthcare records and individual numbers in undertaking the life insurance business, the Company implements appropriate security management measures to prevent leaks, losses or alterations of personal information it handles.
In addition, the Company properly supervises employees and outsourcing parties.
5. Provision of personal information to external parties
Except in cases where required by laws, the Company does not supply personal information to third parties without the prior consent of each individual.
In cases where two or more Group companies share the same personal information, this sharing is performed only after providing prior notice or public announcements of items required by laws.
In addition, the Company does not supply specific personal information to third parties except when required by laws.
6. Procedures for requesting disclosure of personal data
The Company responds in a sincere manner in cases where there are requests for the notification of the purpose of use or for the disclosure, correction or termination of use of personal data as prescribed by laws.
7. Points of contact for inquiries
Inquiries and requests regarding disclosure and other uses of personal data can be made to designated points of contact.
8. Continuous improvements
The Company constantly reviews and improves its management and handling methods for the protection of personal information in response to advances in information technology and shifts in social demands.