Home > Procedure (New Applications) > Application Requirements

Application Requirements

Private enterprises eligible to apply for PrivacyMark

Only private enterprises that have business establishments for the business activities related to applications in Japan may apply for Accreditation of the PrivacyMark. PrivacyMark is accredited in the unit of per one company. Applicant (private enterprise and others, i.e. local governments etc.) must meet the requirements stated below:

  1. Must have set up a Personal Information Protection Management System (PMS) complying to JIS Q 15001: 2006 (Personal Information Protection Management Systems - Requirements).
  2. Must have prepared an enforceable system based on PMS and must be appropriately handling personal information.
  3. Applicant must have ensured that its PMS complies with JIS Q 15001: 2006

Applications from Private enterprises falling under any of the following categories (disqualifications) could not be received.

  1. Private enterprises that were, during the period of three (3) months preceding the date of Application, denied an Application for the Accreditation of the PrivacyMark under Paragraph 1 of Article 11 of "Rules for the Establishment and Operation of PrivacyMark System", or a reexamination request under Paragraph 1 of Article 12.
  2. Private enterprises that were, during the period of two years preceding the date of application, subjected to the withdrawing of Accreditation of the PrivacyMark under Paragraph 1 of Article 22 or to the cancellation of a PrivacyMark Use Agreement under Paragraph 2 of Article 36.
  3. Private enterprises that, during the period of two years preceding the date of application, leaked personal information outside or otherwise infringed upon the interests of principal parties to information.
  4. Private enterprises that do not have business establishment in Japan.
  5. Executives of the private enterprises (appointed representatives or managers for non-corporate organizations are included) must meet any of the following conditions.
      They must not have finished serving a prison sentence or a suspended sentence within two years of the Application They must not have finished serving a sentence or a suspended sentence for violating the Act on the Protection of Personal Information within two years of Application
  6. Private enterprises with just one employee cannot establish a PMS, and therefore may not apply.
(Note)
A leak, whether through accidental or intentional, will be treated as though the personal information had been handled by the unauthorized. In addition, cases in which a leak or loss of personal information takes place through unauthorized use, or in which, through accidental or intentional, personal information is used for unauthorized purposes are considered an infringement of rights. Even for accidents concerning personal information that do not correspond to the above cases, please contact the JIPDEC or Conforminity Assessment Bodies before Application.