Japan's APPI Act - An Insight

Written by Pravin Mehta

Updated on April 22, 2021

Reading time: 3 min

Data privacy and compliance concerns are rising exponentially. Enterprises and government agencies have become extra cautious in dealing with data (its security, collection, sharing and usage) in order to prevent material, financial, penal and/or reputational damage. Data protection and processing come under various international and federal statutes. Japan’s APPI is one such law; an organization that complies with it has a stringent privacy policy adhering to all the cybersecurity measures and physical safeguards necessary to protect the PII (Personally Identifiable Information) and other sensitive data of an individual.

The Act on the Protection of Personal Information (APPI) is the Japanese data protection law that became a statute in 2003. It is deemed Asia’s first data protection law. The act saw extensive reforms in 2015 to meet the existing data protection trends, as Japan was grappling with a series of high-profile data breaches. The law is like the EU’s GDPR in a few respects. It covers entities beyond Japan’s national borders as long as they provide goods and services to Japan.

The Amended Act on the Protection of Personal Information (‘Amended APPI’)

When major data breaches and cybercrimes started rocking the world, different countries came up with stringent data protection laws. This made Japan’s existing APPI inadequate to deal with modern-day cybercrimes. Hence, the Amended Act on the Protection of Personal Information had to be introduced in 2017. The Personal Information Protection Commission (PPC) was established as the authority for data protection in Japan.


Data Protected Under APPI

The amended APPI mentions two types of data as protected by the law, namely “Personally Identifiable Information (PII)” and information under the “Special Care Required” category.

a) Personally Identifiable Information

PII refers to all kinds of data that helps in identifying a unique individual. Items covered in this category include, but are not limited to:

  • Name
  • Address
  • Date of Birth
  • Email Address
  • Biometric Data
  • Numeric details such as Driving License Number or Passport Number that may identify a person

b) Special Care Required Information

This category covers personal information that may cause discrimination among individuals. Information covered under this category includes, but is not limited to:

  • Racial/Ethnic Identification
  • Religious Beliefs
  • Medical History
  • Marital Status
  • Criminal Record/s

Companies need to secure the data owner’s permission before transferring any of this data to any third party inside or outside Japan.

Amendments Proposed By the PPC In 2019

The PPC proposed a series of amendments again in 2019, which are laid out as under:

a) Extending the rights of data subjects to suspend or delete data even if a company has not misused it.

b) Extending the APPI to also cover data that will be deleted within six months.

c) Allowing data subjects to demand the release of acquired data by digital means.

d) Making companies responsible to report data breaches to the PPC and the data subjects. Such breaches would include improper use of collected data beyond the stated purpose.

e) Starting an accreditation system to promote responsible data handling and voluntary reporting by companies.

f) Stricter penalties

On March 10, 2020, the Japanese Cabinet approved the PPC’s proposal to amend the APPI. The amendment is scheduled to come into force in June 2020.

Key Revisions under Amended APPI

1. Applicable to All Private Entities

The law in its amended version is applicable to all businesses that handle personal data of individuals in Japan. However, the APPI applies only to private business operators. Japan has other laws to cover government agencies and undertakings.

2. No Minimum Limit on Database Size

Before the amendment, APPI applied only to business operators who had 5,000 or more individual databases. Any company with such a database (at least for a day in the previous six months) would be covered under APPI. The amended version has removed this restriction. Now APPI regulations are applicable to all businesses that handle personal information, irrespective of the size of the database.

3. Covers All Private Suppliers

The APPI covers all private suppliers of goods and services to Japan. It applies to companies located within the Japanese territory, as also those located outside. The law is like the EU’s GDPR in this respect. It covers entities beyond Japan’s national borders as long as they provide goods and services to Japan.

APPI Compliance – Key Requirements for Businesses

Companies within the purview of APPI must have an implementable privacy policy. The privacy policy must outline the purpose of possessing the data. All businesses must take adequate measures to ensure the security of online data and put mechanisms in place for handling data subjects’ requests.

1. Data Transfer Regulations

The APPI has strict provisions against transferring data within Japan. To transfer data to third parties inside Japan, prior consent of the data subject is necessary. The company must inform the data subjects of their intention so that those who want to opt out can do so.

The norms for transferring data outside Japan are even more stringent. Such transfers can happen only under the following conditions:

  • The receiving country practices data protection measures that match Japanese data protection standards.
  • The company transferring data must sign a contractual agreement with the overseas third party. The contract must obligate the third party to maintain an adequate level of data protection matching Japan’s standards.
  • Data subjects must give prior consent.

2. Anonymized Data

Companies are free to use anonymized data for statistical analysis without the express permission of data subjects. However, all markers that can identify any individual must be stripped first.

The company transferring such data is responsible for the anonymization. The company also has to ensure that the third party receiving the data is aware of the data being anonymized. Further, the company needs to make a public announcement of the data transfer.

3. Rights of Data Subjects

The APPI grants the right to data subjects to ask the purpose for which a company requires their data.

Individuals can ask for access to their personal information to correct or suspend it. Companies are also liable to provide information on where to lodge a complaint if a data subject wants to do so.

Data subjects have the right to suspend their data or demand companies to delete their personal information. These rights accrue if the data has been used for purposes beyond the declared purpose or if the data subject’s consent was secured through fraudulent or unfair means.

Penalties under APPI

The PPC contacts a company on receipt of a complaint and advises the business operator to correct the violation. If the company does not comply, then the PPC issues an administrative order. Individuals can also take a company to court if it fails to respond to APPI-based requests within two weeks.

Failure to comply with APPI regulations can result in financial penalties of up to JPY 100 million, which is roughly US$ 900,000. The penalty could also include imprisonment for up to a year.

Exemptions under APPI

  • Companies do not need prior permission of data subjects (who had already consented for such data collection) to transfer data to external service providers for data processing. However, the processing can only be for the purpose for which the data was collected.
  • Prior permission is not necessary for the release of data due to legal requirements, or for matters concerning national security.

Erasure Technology for Data Anonymization

Anonymization of individuals’ data is one of the key requirements organizations must meet to attain compliance with APPI. Data anonymization requires stripping all markers that can identify an individual. Simple deletion of such markers or identifiers cannot ensure failsafe anonymization, as the deleted information can still be extracted and pieced together to surface individuals’ identities. Data erasure technology can facilitate a guaranteed solution for anonymization in line with APPI mandates.

Specialized data erasure software tools such as BitRaser can wipe clean sensitive and confidential information to help businesses fulfill their anonymization needs and thereby attain compliance with APPI and other global data protection regulations. BitRaser generates tamper-proof reports and certificates of erasure to serve as audit trails for meeting regulatory compliance.

End-Note: APPI Amendment Strengthens Data Privacy & Compliance

Compliance with data protection laws and regulations under APPI is a non-negotiable aspect for companies falling under its purview. The law envisages data integrity at all costs by protecting the personal data of an individual. And for companies to ensure that their policies are fully compliant with APPI, they must procure specialized tools that can help in failsafe disposal of confidential data. The current surge in cybercrimes and mass data breaches has made professional media sanitization tools an inevitable need for all businesses. Secure disposal of unwanted sensitive data is a way to ensure that it is not accessed by any malicious source leading to non-compliance.
