For companies, compliance should not be
merely a matter of observing the minimum requisite laws.
The idea behind it is not the passive one of simply refraining
from legal violations in order to avoid fines and other
penalties. It must be fully understood as encompassing
ethics, morals, and business rules as well as laws, and
taken as a subject for positive-minded action in accordance
with these dictates.
In our view, proactive steps that go beyond the letter
of the law help to deepen the company's credibility among
customers, shareholders, employees, suppliers, and all
other parties with a stake in it.
We regard our acquisition of the Privacy Mark certification
for protection of personal information as a significant
step in this direction.
Policy on protection of personal information
As a software developer of medium standing, we carry
out (mainly core) software development and system construction
on consignment from clients. We are keenly aware that
protection of both client and in-house personal information
is a key agendum bearing on the safety of life, health,
and assets. In line with this awareness, we regard protection
of personal rights and interests, and response to the
trust placed in us by our clients, as matters of paramount
importance. We shall therefore strictly observe the
stipulations of the Personal Information Protection
Law and other pertinent laws and regulations (including
ordinances, cabinet orders, ministerial orders, guidelines,
circulars, judicial precedents, and theories), and properly
handle all personal information.
1. Purpose of use
We shall collect, use, and provide personal information
(on our employees, the employees of our partners, and
on clients) only within the scope required for our business,
hiring, and personnel management.
2. Proper acquisition
We shall limit the acquisition of personal information
to the scope required for attainment of the aforementioned
purpose, and apply proper means in it.
3. Provision to third parties
We shall rigorously manage personal information as strictly
confidential, and shall not provide it to any third
parties, whether directly or indirectly, unless we have
received the permission of the person in question in
advance or are required to do so by laws or regulations.
4. Management of safety
We shall establish proper information security and take
both necessary and suitable measures to assure it. We
shall lay down internal rules for each stage of related
activity (e.g., acquisition and use), see that all employees
know them, and periodically provide instruction in them.
For our clients and suppliers, we shall clearly define
obligations and responsibilities in contracts, and otherwise
take proper supervisory steps to see that personal information
is safely managed. In addition, we shall strive to prevent
improprieties such as illegitimate access, omission,
destruction, falsification, and leakage, and take corrective
measures as necessary.
5. Continuous improvement
We regularly review and continuously improve our compliance
program for protection of personal information.
6. Education
We shall notify all regular and contracted employees
of this policy, strive to educate and enlighten them
about its implications, and endeavor to deepen awareness
of the need to protect personal information.
7. Review
We shall conduct reviews concerning protection of personal information (including this policy) every year and swiftly make revisions as necessary.
1 April 2005 (revised 25 January 2006)
Hiroyasu Ishida
President, Bip Systems
Administrative Division 03-3464-1061
|
