Home > Authorized Personal Information Protection Organizations > What is an Authorized Personal Information Protection Organizations?

About Authorized Personal Information Protection Organizations

Table of contents for this page: Duties of the Organizations; Handling of Complaints by the Organizations; Obligations of the Organizations; Significance to be a Target Entity

Act on the Protection of Personal Information (Act No. 57 of 2003) (hereafter, referred to as "the Act") came into full scale enforcement on April 1, 2005.

Business Operators to which the Act applies (Business Operators which handle personal information) must voluntarily work toward ensuring the proper handling of personal information. To facilitate this, the Act promotes voluntary working of Business Operators , and with the purpose of promoting the protection of personal information in the light of the purport of the Act, has established a system of Authorized Personal Information Protection Organizations (hereafter, referred to as "Organization(s)") which receive accreditation from the Competent Ministers based on the provisions of Article 37 of the Act.

Duties of the Organizations

The duties of the Organizations are stipulated in Article 37 of the Act, and are as indicated below:

Handling of Complaints of "bussiness operator handling of personal information" (hereafter, referred to as "Target Entity");
Provision of information for Target Entities about the matters contributing to the proper handling of personal information;
Others than any business necessary for ensuring Target Entities the proper handling of personal information.

Handling of Complaints by the Organizations

Handling of Complaints by the Organizations includes the following matters (Article 42 of the Act):

When the Organization is requested by a person, etc. to process a complaint about the handling of personal information by a Target Entity, the Organization processes the complaints via the following actions:
1. Corresponding to the request;
2. Giving necessary advices;
3. Investigating the circumstances pertaining to the complaint;
4. Requesting the Target Entity to process the complaint promptly by notifying it of the content of the complaint.
When the Organization finds it necessary for settling a complaint, the Organization would take the following actions:
1. Requesting the Target Entity to explain it in writing or orally; or
2. Requesting Target Entity to submit relevant materials.
  (Clause 3, Article 42 of the Act states that the Target Entity shall not reject the request without justifiable ground.)

Obligations of the Organizations

To ensure that the Organizations carry out their duties properly and maintain their reliability, the following constraints are imposed upon them.

Prohibition of utilization other than for intended purpose (Article 44 of the Act)
Collection of reports,Orders and Rescission of Authorization (Article 46 through Article 48 of the Act)

Significance to be a Target Entity

It is stipulated that "business operators handling personal information" must respond by themselves as parties concerned to complaints of the individuals about whom personal information is collected regarding the handling of retained personal data (No. 6, Clause 2, Article 7 of the Act and Article 31 of the Act).

However, in some cases it is impossible for the Target Entities to settle complaints amongst themselves. In such cases, the they could request the Organization in charge to process the complaints.

Also, because it is possible for the individuals to request processing of their complaints indirectly to the Organization, playing the role of buffers, it enables individuals not to contact the Target Entity directly.

In other words, becoming Target Entity, resulting getting trust from individuals as an operator to take objectively measures to process complaints, proves itself a meaningful and effecyive measure for both parties.

Advantages to Target Entities

Smooth and prompt settlement might be expected because of intervene of the Organization as a third party;
Promoting proper handling of personal information provided appropriate information by the Organization.

Note that, the following obligation is imposed on Target Entities.

When an Target Entity has received a request under the provisions of the Act from an Authorized Personal Information Protection Organization, it shall not reject the request without justifiable ground.(Clause 3, Article 42 of the Act)

Advantages to individuals

Smooth and prompt settlement might be expected because of intervene of the Organization as a third party;
Secure environment for disclosure of personal information might be expected.