Mizuho Financial Group’s Security Measures on Personal Information
Established on April 1, 2022
(1) Formulation of the Privacy Policy
- The Mizuho Financial Group (“MHFG”) has a Privacy Policy that sets out the “consultation desk for receiving questions and complaints on security measures for personal information”, “declaration on security management of personal data”, “review of the Basic Policy for continuous improvement” and “compliance with related laws and regulations, etc.”, to ensure proper handling of personal data.
(2) Formulation of the disciplinary rule on handling personal data
- We have internal regulations on information control that stipulate the roles and responsibilities of the persons who handle personal data, restrictions on who may handle it, and the procedures for the security management of personal data to be conducted at each of the following management stages: acquisition and entry; use and processing; transfer or transmission; and deletion or disposal.
(3) Organizational security measures
- We appoint the Chief Personal Data Manager responsible for business operations related to safeguarding personal data, and the Personal Data Manager responsible for administering personal data at each department that handles personal data. Further, we identify the employees who handle personal data and the scope of information handled, and have established a framework where such employees report the handling status to the Chief Personal Data Manager.
- We regularly conduct intra-office inspections of the handling status of personal data, as well as internal audits conducted by employees of another department.
(4) Personnel security measures
- We regularly provide training to employees on the handling of personal data.
- MHFG’s Office Regulations stipulate the roles and responsibilities of employees who are engaged in handling personal data, and the disciplinary action to be taken when they violate the rules. We also conclude non-disclosure agreements with all employees.
(5) Physical security measures
- In the area where personal data is handled, we control entry to and exit from the building or office, restrict the equipment, etc. that may be brought in, and take measures to prevent people without access authority from viewing personal data.
- We take measures to prevent theft or loss, etc. of equipment and electronic / paper-based media, etc. that store personal data. We also take measures so that personal data in such equipment or media cannot be easily accessed by others while being carried, including in the office.
(6) Technical security measures
- We control access to personal data, and restrict the persons who can use the personal information database, etc., along with their scope of use.
- We take measures to safeguard information systems that contain personal data, to protect them from illegal access or malware.
(7) Supervision of outsourcing agents
- In selecting outsourcing agents, we check that: they have a basic policy for safeguarding personal data and regulations on handling personal data; they have established a framework for safeguarding personal data; their security measures for personal data are creditworthy based on past results, etc.; and their business management is sound.
- We check that the outsourcing agents are complying with the security measures, etc. by regularly conducting audits, and if we find that they are not complying with the outsourcing agreement, we give necessary instructions to ensure compliance.
(8) Keeping abreast of the external environment
- When we are to handle personal data outside Japan, we ascertain the relevant country’s system, etc. related to the protection of personal information, and take necessary and appropriate measures to safeguard personal data beforehand.