Japan’s My Number Data Security Compliance

Thales eSecurity can help organizations comply with data security regulations governing storage and use of Japan’s My Number data

APAC Map

Regulation

Active now

Japan My Number Compliance

Japan’s Personal Information Protection Act (PIPA) requires protection of citizens’ personal data against leakage, loss, or damage; supervision of employees handling the data; and supervision of third parties entrusted with the data.

Thales eSecurity can help organizations comply with the relevant data security regulations through:

  • data-at-rest encryption;
  • granular privileged access controls;
  • Monitoring authorized accounts to detect compromise.
Japan My Number Compliance
Regulation Summary

The data security requirements for businesses handling data associated with an individual’s Japanese “My Number” are governed primarily by Japan’s “Personal Information Protection Act (PIPA).”

These include:

  • Taking necessary and proper measures for the prevention of leakage, loss, or damage, and for other security control of personal data
  • Exercising necessary and appropriate supervision over the employees handling the data to ensure the security control of the personal data
  • Exercising necessary and appropriate supervision over any persons of organizations entrusted with the data to ensure the security control of the entrusted personal data
Vormetric Transparent Encryption

The gold standard for preventing leakage or loss of data is transparent encryption with integrated key management. Thales eSecurity adds data access controls and security intelligence to create a robust data security solution to help organizations collecting and using My Data information meet PIPA regulations.

Encryption and Key Management is critical to safeguarding data, because it ensures that if the data is breached it will be meaningless and worthless to those who retrieve it. Encryption key management’s role is essential, because if the cybercriminal has the keys, he or she has access to data in the clear. So best practice is for the organization that owns the data to maintain control of the keys. For example, if the data owner uses a cloud service provider, the data owner should retain within its own organization control of the keys. Best practice is also for the data-owning organization to encrypt the data before sending it to the cloud.

Vormetric’s Transparent Encryption with Integrated Key Management from Thales eSecurity provides strong, centrally managed, file, volume and application encryption combined with simple, centralized key management that is transparent to processes, applications and users.

Vormetric Tokenization with Dynamic Masking

The Vormetric Token Server (VTS) from Thales eSecurity is a VM download that can be deployed as a virtual appliance. It provides application-layer tokenization that uses APIs to allow communication between the application and the tokenization server. An example use case could be for protecting a credit card or driver's license number in an application running on a Web server. When the sensitive data is entered, the app will send the number to the tokenization server via a REST API. The token server creates a 'token' that replaces the original data, which is then encrypted and placed in a token vault to provide an additional layer of security. The token is then returned to the app server in place of the original credit card number or driver's license. VTS also includes dynamic data masking, which can tie in with AD or LDAP directories and serve data as clear text or partial clear text based on the user's role.

Security Intelligence

Security Intelligence is essential to knowing if the system is working and is, again, an expected best practice.

Vormetric’s Security Intelligence offering provides logs that capture access attempts to protected data, providing high value security intelligence information that can be used with a Security Information and Event Management (SIEM) solution and for threat identification and data security compliance reporting.

Other key data protection and security regulations

Philippines Data Privacy Act

GDPR Thumbnail

Regulation

Active now

The Philippines Data Privacy Act adopts international principles and standards for personal data protection and apply to the processing of personal data across both government and private sector.

Learn More

South Korea’s PIPA

GDPR Thumbnail

Regulation

Active now

One of the strictest data protection regimes in the world, it is supported by two pieces of sector specific legislation related to IT and communications networks and the use of credit information.

Learn More

Australia Privacy Act

eIDAS

Regulation

February 2018

Australia's Privacy Act establishes a mandatory requirement to notify the Privacy Commissioner and affected individuals of data breaches. It will take effect on February 22, 2018.

Learn More
Contact a Compliance Specialist Contact Us
Are you fit for GDPR Take our readiness assessment now
Read the Compliance and Regulations Solutions Handbook Read the eBook
Guarda la nostra demo interattiva Esplora
Richiedi una demo Live Richiedi
Contatta un esperto Contattaci