---

Get familiar with
Japan’s privacy policy

On April 1, sweeping legislation regarding personal privacy went into effect in Japan. Called the Personal Information Protection Act, the legislation was developed after a number of events regarding the loss of personal information in the high-tech sector. Among the most high profile was the case involving Yahoo BB, the broadband Internet service provider arm of the popular search engine. In this case, the personal information of 4.5 million customers was leaked.

The law that went into effect provides stiff penalties for violators -- up to six months in prison for executives of firms that breach the rules. Any firm that provides online services to consumers in Japan needs to understand this legislation.

The Japan law is unlike similar U.S. privacy legislation in its approach. In the United States, the law varies from industry to industry. There are privacy laws for financial institutions and different laws for health care providers. There are even different laws for video rental stores. Furthermore, state law affects privacy.

"In the U.S., we have a 'sectoral' approach to privacy legislation," says Mike Hintze, senior attorney for legal and corporate affairs at Microsoft. "Japan, by contrast, has followed the approach taken in Europe, Australia, South Korea, Hong Kong and others by adopting a comprehensive privacy law that applies to all personal information."

The legal changes in Japan haven't stopped the string of high-profile incidents, though. In April, Japanese police arrested a 41-year-old employee of NTT DoCoMo on suspicion of stealing the personal data of about 25,000 users.

Stealing the data almost seems like it would have been an impossible mission. The man was one of only 254 NTT DoCoMo employees with access to the room. Everyone who enters or leaves the room must pass an iris biometric test and is recorded on one of six video cameras. Glass walls surround the room and security IDs and passwords are necessary to operate the computers.

The room was designed to keep the bad guys out, though, not prevent authorized employees from stealing data. Thus, despite these security measures, he was able to download the user data onto a portable memory device.

Given the attention that personal privacy is getting in Japan, it is important that every business entity in Hawaii with a Japanese-language Web site review the new legislation. The law firm of Proskauer Rose has made an English translation of critical elements of the Personal Information Protection Act and it can be found on its Web site at www.proskauer.com/hc_images/JapanPersonalInformationProtectionAct.pdf