Press Release
2 University Plaza, Suite 414
Hackensack, NJ 07601
Phone: 201-996-1154 FAX: 201-996-1883
For Immediate Release
Press Contact:
Irene Oujo (201) 996-1154
ioujo@pandab.org
JAPAN PRIVACY RESOURCE ISSUES SPECIAL REPORT ON PERSONAL DATA LEAKAGES AND CONSUMER PRIVACY
How companies in Japan can reduce costs and regain customer trust
June 26 , 2004//Hackensack, NJ: The Japan Privacy Resource of the Center for Social and Legal Research has released a Special Report on Personal Data Leakages and Consumer Privacy. Authored by JPR director and recognized privacy expert Dr. Alan F. Westin, the Report analyzes the nature and incidence of personal data leakage by businesses in Japan and internationally, its rising cost to Japanese consumers and companies and the steps that businesses in Japan should take to reduce these costs and regain consumer trust. "Of course," says Dr. Westin, "personal data leakage is not unique to Japan, as shown by the recent theft of 92 million AOL-subscriber addresses and their disclosure to spammers. But the costs to businesses - in Japan has been much higher when compared with other countries."
The Japanese media has devoted extensive coverage to personal data leakages occurring across a range of industries, from finance and credit to travel, retail, medical and Internet. Apart from the massive and well-publicized leak of 4.5 million subscriber records by broadband Internet service provider Softbank, recent months have seen the release of 923,000 cardholder records by Cosmo Oil Company, over one million records of Sanyo Shinpan Finance customers, and 620,000 records relating to customers of the travel agency Hankyu Express International. These leakages have been attributed to a variety of causes, from hacking to inadequate database security to employee theft. Many have occurred after customer records were transferred to outside contracts for processing.
The cost of these leakages to both consumers and companies in Japan is high and rising. For example, some 370 Sanyo Shinpan customers lost a combined ¥110 million (around $990,000) paying fraudulent bills apparently generated using data lost in the leak. Even in the absence of proven harm, Japanese companies have made "apology" payments to customers after a leak, in the form of either redeemable vouchers for products and services or money orders. For example, in the wake of its massive subscriber data leak, the Softbank Corporation sent ¥500 vouchers to millions of its customers. Combined, "apology" payments have amounted to at least ¥5 billion ($51 billion) over the past two years.
Looking ahead to the April 2005 start of the Personal Information Protection Act, these costs are likely to increase as a result of data leakage lawsuits and hefty administrative fines. Already, three customers of the Softbank Corporation have filed against the company for increased compensation, and fourteen victims of a leak by the Kommy Company (owner of the Tokyo Beauty Center salon chain) have filed for damages of ¥1 million ($9,000) each. And administrative agencies such as the Ministry of Public Management, Home Affairs, Posts and Telecommunications, and the Financial Services Agency have been active in issuing orders to companies, such as Softbank, the ISP company ACCA Networks, and Citibank that have leaked customer data. These agencies will gain the ability to fine such companies up to ¥300,000 ($2,700) from April 2005.
Dr. Westin notes, "What is at stake here is the basic confidence and trust of Japanese consumers in their business community, in both the off and online environments."
To regain that confidence and trust, he suggests five essential steps businesses in Japan should take now to limit these costs and to regain customer trust. First, these companies should review and strengthen their internal data security programs. Then, they should consider outside testing and verification of their data security measures by an independent auditor. In addition, Japanese insurance companies, such as Sompo Japan Insurance, have recently introduced data leakage risk assessments and casualty insurance. Appointment of a Corporate Privacy Officer also sends a positive message to consumers and allows a company to coordinate its management of data privacy and security. Finally, a strong commitment to active, positive consumer privacy protection reduces the incidence of data leakage and, surveys have shown, gains consumer respect.
"Personal Data Leakages And Consumer Privacy: What Companies in Japan Should Do To Renew (and Deserve) Public Trust" can be downloaded free from the Japan Privacy Resource [http://www.privacyexchange.org/japan/dataleakreport.pdf]. The Japan Privacy Resource also offers a free monthly News Flash that draws on Japanese and English-language print media to gather the latest stories on data leakages, privacy litigation, new privacy laws and regulations, and other relevant material.
To obtain the monthly Japan Privacy NewsFlash by e-mail, please send your name, title, e-mail address and your organizations address to admin@privacyexchange.org. Please include "Japan NewsFlash" in the subject line of your e-mail. The information you provide will be used only for the purpose of registering you for the Japan Newsflash, and will never be sold or exchanged with any other organization without your permission.
About the Japan-U.S. Privacy and Data Protection Program
The Japan-U.S. Privacy and Data Protection Program was initiated in 1999 by the U.S. non-profit Center for Social and Legal Research (CSLR) to track and report developments in Japanese privacy and data protection. The Program is headed by internationally recognized privacy expert Dr. Alan Westin, Professor Emeritus of Public Law and government at Columbia University, author of Privacy and Freedom (1967) and Director of CSLR. The Programs advisors include Japans leading privacy expert, Professor Masao Horibe, U.S.-Asian privacy expert Russell Pipe, and Japanese business-strategy advisor Jun Sofue.
About the Center for Social & Legal Research
The Center for Social & Legal Research was organized in 1987 as a private, non-profit association of university scholars and social science researchers. Its purpose is to design, conduct and publish fieldwork-oriented studies of major social and legal issues facing the United States and other advanced industrial democracies. As it has evolved, the Center has also become a public policy think tank, studying the rising issues of consumer and employee/employer privacy and data protection issues both online and off in a new technological era.
The Center was organized by Dr. Alan F. Westin, a lawyer, political scientist and internationally recognized privacy expert and the author or editor of 26 books. Dr. Westin was joined in founding CSLR and its Privacy & American Business program by Washington lawyer and privacy expert Robert R. Belair, and by Lorrie Sherwood, Centers Executive Director.
###