Security News > 2004 > July > Lax data security seen at many Japanese companies

Lax data security seen at many Japanese companies
2004-07-08 10:54

http://www.computerworld.com/securitytopics/security/story/0,10801,94368,00.html By Martyn Williams JULY 07, 2004 IDG NEWS SERVICE A Japanese government report published yesterday says at least 40% of companies surveyed are taking no special measures to ensure the privacy and security of personal data stored on computers. Results of the survey were included in the government's annual White Paper on Information and Communications in Japan, which was published by the Ministry of Public Management, Home Affairs, Posts and Telecommunications (MPHPT). It comes after several incidents in the last year in which personal information on customers, sometimes numbering into the millions of people, has been leaked or stolen from Japanese companies. Around 2,000 companies and 300 public organizations and educational establishments were surveyed for the report and responses were received from around 900, it said. They were asked about measures being taken at an organizational level, such as staff training on how to handle such information, and at a technical level, such as restricting employee access and encryption of data. In the area of structural and organizational measures, the largest positive response came when companies were asked if they had clarified the purpose for which the information was being used and collected. Just under a quarter of companies said that this was being or had been done. Just over one-fifth of responses, or 21%, said internal staff training had been enhanced to include instruction on handling of personal information and 16.7% of companies said they had narrowed the amount of information requested from customers. Only 14.4% of companies said they had appointed a person in charge of protecting personal information and 10.5% of companies said they had a privacy policy. In the area of organizational measures, 37.2% of companies said they are taking no special measures. Asked about technical measures, the responses were not vastly different. Just over 27% of companies said they were managing the ability of staff to use personal information and 21.7% said they ensured physical destruction of data when PCs were disposed of. Companies that maintained a history of what information was used, and when, numbered 15.5%. Only 1.1% of companies said they had a system in place to detect intrusions into databases holding personal information and 5% said they encrypted data when it was being stored or transported. Just under 42% of companies said no special technical measures were being taken. Japan has seen a number of cases in which personal information has been leaked from major companies so far this year. One of the biggest involved broadband Internet provider Softbank BB Corp., which said last February that data on 4.5 million customers, including their names, addresses, telephone numbers, e-mail addresses and broadband service application date, had been obtained by people outside of the company. Leaks at other companies have also made local headlines this year. Cosmo Oil Co. leaked data on an estimated 2.2 million customers while tour operator Hankyu Express International Co. said data on more than 600,000 clients was leaked outside of the company. Credit card company Sanyo Shinpan Finance Co. leaked data on more than a million cardholders and fellow card-issuer Nippon Shinpan Co. said information on up to 100,000 of its clients was leaked. A poll of 159 major Japanese companies conducted by Kyodo News in April this year found that nearly one in 10 companies had experienced a leak or loss of customer personal information in the previous two years. The survey found 15 of the companies, or 9.4%, said data relating to 260,000 customers, including their names, addresses and phone numbers, was leaked. "It is likely that there will be a higher dependancy on networks and a higher possibility of leaks," said Takaaki Saeki, deputy director of the MPHPT's economic research office. "This might affect confidence therefore companies will need to take further measures to protect information." Indeed, much of the rest of the white paper highlights the broadening of Japan's network society. Broadband subscribers in Japan, who numbered around 15 million at the end of 2003, enjoy the world's cheapest Internet access, the report said, quoting a recent survey by the International Telecommunication Union (ITU). Ranked by price per 100k bps (bits per second) of bandwidth per month, Japan leads the world at 9 cents, thanks to high-speed, low-price services. Penetration of mobile Internet services is also the highest in the world at 89.5% of all mobile phone users. Just under 17 million people had third-generation (3G) mobile phones at the end of April of this year and more than 60% of mobile phones in use have a digital camera function, the report said. _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html


News URL

http://www.computerworld.com/securitytopics/security/story/0,10801,94368,00.html