[ISN] Lax data security seen at many Japanese companies

From: InfoSec News (isn@private)
Date: Thu Jul 08 2004 - 03:54:36 PDT


By Martyn Williams
JULY 07, 2004 

A Japanese government report published yesterday says at least 40% of
companies surveyed are taking no special measures to ensure the
privacy and security of personal data stored on computers.

Results of the survey were included in the government's annual White
Paper on Information and Communications in Japan, which was published
by the Ministry of Public Management, Home Affairs, Posts and
Telecommunications (MPHPT). It comes after several incidents in the
last year in which personal information on customers, sometimes
numbering into the millions of people, has been leaked or stolen from
Japanese companies.

Around 2,000 companies and 300 public organizations and educational
establishments were surveyed for the report and responses were
received from around 900, it said. They were asked about measures
being taken at an organizational level, such as staff training on how
to handle such information, and at a technical level, such as
restricting employee access and encryption of data.

In the area of structural and organizational measures, the largest
positive response came when companies were asked if they had clarified
the purpose for which the information was being used and collected.  
Just under a quarter of companies said that this was being or had been
done. Just over one-fifth of responses, or 21%, said internal staff
training had been enhanced to include instruction on handling of
personal information and 16.7% of companies said they had narrowed the
amount of information requested from customers.

Only 14.4% of companies said they had appointed a person in charge of
protecting personal information and 10.5% of companies said they had a
privacy policy. In the area of organizational measures, 37.2% of
companies said they are taking no special measures.

Asked about technical measures, the responses were not vastly
different. Just over 27% of companies said they were managing the
ability of staff to use personal information and 21.7% said they
ensured physical destruction of data when PCs were disposed of.  
Companies that maintained a history of what information was used, and
when, numbered 15.5%.

Only 1.1% of companies said they had a system in place to detect
intrusions into databases holding personal information and 5% said
they encrypted data when it was being stored or transported. Just
under 42% of companies said no special technical measures were being

Japan has seen a number of cases in which personal information has
been leaked from major companies so far this year.

One of the biggest involved broadband Internet provider Softbank BB
Corp., which said last February that data on 4.5 million customers,
including their names, addresses, telephone numbers, e-mail addresses
and broadband service application date, had been obtained by people
outside of the company.

Leaks at other companies have also made local headlines this year.  
Cosmo Oil Co. leaked data on an estimated 2.2 million customers while
tour operator Hankyu Express International Co. said data on more than
600,000 clients was leaked outside of the company. Credit card company
Sanyo Shinpan Finance Co. leaked data on more than a million
cardholders and fellow card-issuer Nippon Shinpan Co. said information
on up to 100,000 of its clients was leaked.

A poll of 159 major Japanese companies conducted by Kyodo News in
April this year found that nearly one in 10 companies had experienced
a leak or loss of customer personal information in the previous two
years. The survey found 15 of the companies, or 9.4%, said data
relating to 260,000 customers, including their names, addresses and
phone numbers, was leaked.

"It is likely that there will be a higher dependancy on networks and a
higher possibility of leaks," said Takaaki Saeki, deputy director of
the MPHPT's economic research office. "This might affect confidence
therefore companies will need to take further measures to protect

Indeed, much of the rest of the white paper highlights the broadening
of Japan's network society.

Broadband subscribers in Japan, who numbered around 15 million at the
end of 2003, enjoy the world's cheapest Internet access, the report
said, quoting a recent survey by the International Telecommunication
Union (ITU). Ranked by price per 100k bps (bits per second) of
bandwidth per month, Japan leads the world at 9 cents, thanks to
high-speed, low-price services.

Penetration of mobile Internet services is also the highest in the
world at 89.5% of all mobile phone users. Just under 17 million people
had third-generation (3G) mobile phones at the end of April of this
year and more than 60% of mobile phones in use have a digital camera
function, the report said.

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Thu Jul 08 2004 - 06:57:44 PDT