Lax data security seen at many Japanese companies

A Japanese government report says at least 40% of companies surveyed are taking no special measures to ensure the privacy and...

A Japanese government report says at least 40% of companies surveyed are taking no special measures to ensure the privacy and security of personal data stored on computers.

Results of the survey were included in the government's annual White Paper on Information and Communications in Japan, which was published by the Ministry of Public Management, Home Affairs, Posts and Telecommunications (MPHPT). It comes after several incidents in the last year in which personal information on customers, sometimes numbering into the millions of people, has been leaked or stolen from Japanese companies.

Around 2,000 companies and 300 public organisations and educational establishments were surveyed for the report and responses were received from around 900, it said. They were asked about measures being taken at an organisational level, such as staff training on how to handle such information, and at a technical level, such as restricting employee access and encryption of data.

Only 14.4% of companies said they had appointed a person in charge of protecting personal information and 10.5% of companies said they had a privacy policy. In the area of organisational measures, 37.2% of companies said they are taking no special measures.

Only 1.1% of companies said they had a system in place to detect intrusions into databases holding personal information and 5% said they encrypted data when it was being stored or transported. Just under 42% of companies said no special technical measures were being taken.

Japan has seen a number of cases in which personal information has been leaked from major companies so far this year.

One of the biggest has involved broadband Internet provider Softbank BB, which said last February that data on 4.5 million customers, including their name, address, telephone number, e-mail address, Yahoo e-mail address or ID and broadband service application date, had been obtained by people outside of the company.

Martyn Williams writes for IDG News Service

Read more on IT risk management