Lax data security seen at many Japanese companies

IDG News Service - A Japanese government report published yesterday says at least 40% of companies surveyed are taking no special measures to ensure the privacy and security of personal data stored on computers.
Results of the survey were included in the government's annual White Paper on Information and Communications in Japan, which was published by the Ministry of Public Management, Home Affairs, Posts and Telecommunications (MPHPT). It comes after several incidents in the past year in which personal information on customers, sometimes numbering into the millions of people, has been leaked or stolen from Japanese companies.
Around 2,000 companies and 300 public organizations and educational establishments were surveyed for the report, and responses were received from around 900. They were asked about measures being taken at an organizational level, such as staff training on how to handle such information, and at a technical level, such as restricting employee access and encryption of data.
In the area of structural and organizational measures, the largest positive response came when companies were asked if they had clarified the purpose for which the information was being used and collected. Just under a quarter of companies said that this was being or had been done. Just over one-fifth of responses, or 21%, said internal staff training had been enhanced to include instruction on handling of personal information and 16.7% of companies said they had narrowed the amount of information requested from customers.
Only 14.4% of companies said they had appointed a person in charge of protecting personal information, and 10.5% of companies said they had a privacy policy. In the area of organizational measures, 37.2% of companies said they are taking no special measures.
Asked about technical measures, the responses weren't vastly different. Just over 27% of companies said they were managing the ability of staff to use personal information, and 21.7% said they ensured physical destruction of data when PCs were disposed of. Companies that maintained a history of what information was used, and when, numbered 15.5%.
Only 1.1% of companies said they had a system in place to detect intrusions into databases holding personal information, and 5% said they encrypted data when it was being stored or transported. Just under 42% of companies said no special technical measures were being taken.

Japan has seen a number of cases in which personal information has been leaked from major companies so far this year.
One of the biggest involved broadband Internet provider Softbank BB Corp., which said last February that data on 4.5 million customers, including their names,

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.