-------- Original Message -------- Subject: JAPAN: Price of Personal Information Date: Thu, 04 Mar 2004 16:22:13 +0900 From: Naoki Yamamoto <naoki@private> Organization: Matatabi.com Inc. To: Declan McCullagh <declan@private> Declan, For Politech, if you like. Since Softbank confirmed the massive customer data leak last week, the value of personal information is getting a lot of attention. I hope the incident gives us a good opportunity to take another look at privacy and personal data protection in Japan. JAPAN: Price of Personal Information The Tokyo Police last week arrested three men on suspicion of trying to extort 3 billion yen (U.S. $28 million) from Softbank and seized DVD and CD disks that contain the entire Yahoo BB customer database. Yahoo BB(Broadband)is the leading DSL and IP telephone service provider in Japan, owned and operated by Softbank group companies (Softbank BB and Yahoo Japan). Softbank confirmed that information about 4.6 million customers had been stolen. Company President Masayoshi Son apologized for the breach and promised a 500-yen gift certificate to those customers whose personal data were taken. The database theft is thought to be an inside job, police said. The company and the police have analysed the access log for any suspicious access to the customer database but they so far cannot determine the source of the leak because the log was deleted after only a week until the company was first contacted by the suspects in January. Also, contrary to Softbank's initial statement last week, it has been revealed that there were thousands of temporary support persons who could look up and retrieve a large number of the customer data until sometime last year. Softbank BB announced the establishment of an advisory committee on the management of personal information yesterday. In protest, one of the Yahoo BB subscribers affected by the theft has put his personal data on Yahoo Japan Auction (operated by another Softbank group company). He is selling his name, street address, telephone number, email address, and Yahoo Japan ID. As of Thursday, there are over 300 bidders and the highest bid is 1,509,000 yen (more than U.S. $13,700). The seller describes the goods as used/leaked but in good condition, and easily duplicated due to their digital nature. He wrote that he sold his personal data because he wanted Softbank to understand the seriousness of the leak and to take steps necessary to protect personal data. The seller also said the 500-yen gift certificate is insufficient. Any proceeds from his auction, he said, will go toward the cost of suing Softbank. In a similar case, the Supreme Court awarded a judgement of 10,000 yen (U.S. $90) per person. In that instance, the Uji city resident data leak case, names, addresses, genders, and birth dates were stolen and sold on the Internet by a city contractor who built a database for the city. -- Naoki Yamamoto <naoki@private> in Yokohama, Japan Gpg Fingerprint = B2A7 2A11 C50B DCC4 83EB 9311 607A FAE9 386B F070 Public Key available from <http://www.matatabi.com/naoki_pubkey.html> _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Fri Mar 05 2004 - 06:31:13 PST