Fragile Protection of Our Information by Companies
“We want to apologize for leaking your personal information…” This is the email message that I received from a Japanese company the other day. A couple of days ago, the company sent out an e-newsletter containing the email addresses of all recipients. The recipients were able to see the email addresses of others. Some showed full names and company email addresses, and my name was there.
Main Causes of Personal Information Leaks
Customers' personal information is leaked and stolen not only by outside criminals; most leaks come from company insiders. A 2007 survey by the Japan Network Security Association found that the main cause of personal information leaks was ‘mismanagement’ (20.5% of total incidents), followed by ‘information lost or misplacement’ (20.4%), and then ‘operational mistakes’ (18.2%). Information leakage caused by worms or viruses amounted to only 8.3%.
Why is Personal Information Leaked from Inside?
Personal information has been leaked or stolen mainly because the Personal Information Protection Act is not completely understood yet. Some people are not sure about what they should do to obtain contact information from customers. Some school administrators wonder whether they should get the permission of students to create an emergency contact list or not. Ironically, government offices have had incidents of personal information being lost and even stolen. For instance, in January the Osaka City Office mistakenly uploaded personal information of citizens onto its website. In April, a tax office in Yamaguchi prefecture misplaced a CD-ROM that contained information of taxpayers. It may take time to reduce such incidents as the law only came into effect three years ago. In the meantime, outside criminals may still look to companies and offices to steal personal information.
It does not take long for companies to lose their customers’ information, but the spread of such leaked information could be endless. Following the incident I experienced, I have become more cautious about whom I give my personal information to.
August 22 2008 01:06 pm | Technology and Weekly Articles

Ken on 29 Aug 2008 at 8:19 PM
You make a great point about the law not being well understood, which creates quite a bit of confusion. It’s actually fairly short and easy to understand, and should be read by those whose positions bring them into contact with personal information.
The biggest issue with the law might be that it specifies no punishment for those who break it. Without some sort of punishment in place, there’s not much motivation for compliance. Breaking the law might certainly lead to bad PR and a loss of customers, but we’ve not yet seen any serious legal consequences attached to it.