Protection of Private Information (Article 17)

List of Issues:

  1. Is there any plan to enact a law to restrict the circulation of private information held by the private sector? If yes, what are its particulars? If no, what kind of preparations has the government been making to enact a Private Information Protection Law for the private sector?

  2. The Act for Protection of Computer Processed Personal Data Held By Administrative Organs, which came into force in October, 1990, is said to have been virtually unused for requesting the release of the requester's own personal information which is held by administrative organs in order to make corrections to that personal information. Is there any plan to amend the Private Information Protection Law for Administrative Organs? If yes, what would be the particulars of the amendment? If no, is there any proposal to correct the current state of affairs in which the law is not being used?

Background:

  1. There is no law in Japan to restrict the circulation of private information held by the private sector, in other words, a Private Information Protection Law.

    In reality a mass of private information has been accumulated, maintained, controlled, and used by the private sector, especially consumer credit information which is collected and used by the banking, insurance and credit card industries. Because there is no Private Information Protection Law, there are always rumors that private credit information is being brought and sold among industries. A recent example of an especially malicious case came to light when it was found that the customer management data of a major city bank was being collected onto floppy disks and compact laser disks and traded within the industry -- this became a criminal case (The Sakura Bank customer data circulation incident).

    However, outside of such malicious cases there are no controls, and there is always the danger that an individual's privacy is being violated. Enactment of a Private Information Protection Law for the private sector is necessary, and it must include restrictions on the purposes for which personal data is collected, prohibitions on usage that does not meet that purpose, prohibitions on offering the information to others, the right to request release of one's own personal information, and the right to have personal information corrected. Nevertheless, the Japanese government is not seeking to enact such a law.

  2. As mentioned in the 3rd Periodic Report by the Japanese government, as well as in the present 4th Report, the Act for Protection of Computer Processed Personal Data Held by Administrative Organs was enacted in December 1988, and became effective from October 1990. However, this Act has several problems, and it barely functions to guarantee the rights stipulated in article 17 of the Covenant.

    According to the fiscal 1995 report by the Management and Coordination Agency, there were 607 requests for the requester's own personal information from 14 files within 21 department agencies and 3 organizations, but most of these requests were for the files of departing and returning Japanese held by the Ministry of Justice, and the Act was hardly utilized in any other cases. Moreover, there were no requests for corrections of recorded data.

    As already stated in the previous alternate report by the JCLU (the 1993 Counter Report Concerning the Present Status of Human Rights in Japan), the Act is hardly utilized because of its restrictive elements which are as follows:

    1. The Act only targets computer processed information, and hand processed information is not subject to its regulations. Violations of the right guaranteed by article 17 of the Covenant can occur whether the information is processed by computer or by hand. In particular, at the stage at which information is being collected the danger of rights being violated is the same with both types of information -- computer processed or hand processed. The government accumulated a massive amount of private information before the introduction of the computer, but this type of information is completely outside of the range of the Act's regulations. This situation does not fulfill the purpose of article 17.

    2. It is difficult for citizens to know what private information the government possesses. The Act has a wide range of exceptions that allow the government not to tell anyone whether or not it maintains certain personal information files. This makes it difficult for citizens to learn what private information is held by the government, and severely limits requests for the release of one's own private information.

    3. In answer to the right to request the release of one's own private information, there are a wide range of reasons which enable the government to decide not to release such information.

    4. The right to request the correction, addition, or deletion of private information is not recognized by law. The Act recognizes requests for correction and the like, but does not recognize that there are such legal rights. Therefore, whether or not there should be a correction, or the method in which it is to be done, is all left to the government to decide. This violates article 17, which provides for the protection of individual's privacy.

    Furthermore, it is not prohibited to collect an unlimited amount of information on social status or family origin that can be a cause of social discrimination, and information regarding individuals' thoughts, beliefs, and faiths.

    Regarding these problems, is the government seeking to amend the Act in order to solve them? If not, is the government satisfied that the current law is not being used, or do they have any proposals for its improvement?
sals for its improvement?