Security Measures at Mizuho Securities
Mizuho Securities Co., Ltd. (Business Operator Handling Personal Information)
(1) Establishment of Personal Information Protection Guidelines
- In order to ensure the proper handling of personal data, we have established a privacy policy regarding “Contact for questions and complaints concerning security measures”, “Declaration on the secure management of personal data”, “Continuous improvement of basic policy,” and “Compliance with relevant laws and regulations, etc.”
(2) Maintenance of Discipline regarding the Handling of Personal Data
- For each stage of acquisition/input, use/processing, storage/preservation, transfer/transmission, and deletion/disposal, we have established rules for information management that stipulate the roles and responsibilities of handling persons, limitation of handling persons, and procedures, etc. required for the secure management of personal data at each management stage.
(3) Organizational Security Measures/Safeguards
- In addition to appointing a Personal Data Management Officer who is a chief officer in charge of the execution of operations related to the secure management of personal data and a Personal Data Manager in each department who handles personal data, we have clarified the employees who handle personal data and the scope of information handled, and have established a personal data management system to report the status of the handling of personal data to the Personal Data Management Officer.
- We periodically conduct self-inspections of the status of handling of personal data and have personnel from other departments conduct audits.
(4) Personal Security Measures/Safeguards
- We conduct regular training for employees regarding the handling of personal data.
- We have established employment rules that stipulate the roles and responsibilities of employees with respect to the handling of personal data, as well as disciplinary actions in the event of violations, and have entered into non-disclosure agreements with employees.
(5) Physical Security Measures/Safeguards
- In the areas where personal data is handled, we control the entry and exit of employees, restrict the equipment, etc. they may bring in, and implement measures to prevent unauthorized persons from viewing personal data.
- We implement measures to prevent theft or loss, etc. of equipment, electronic media and documents, etc. that contain personal data.
(6) Technical Security Measures/Safeguards
- We implement access control and limit the scope of persons in charge and personal information databases handled, etc.
- We implement measures to protect information systems that handle personal data from unauthorized external access or unauthorized software.
(7) Understanding the External Environment
- In cases where personal data is handled in a foreign country, we implement necessary and appropriate measures for the secure management of personal data based on an understanding of the systems for the protection of personal data in that foreign country.
(8) Supervision of Contractor
- We have established criteria for selecting contractors, which include “Development of basic policies and handling rules, etc. for the secure management of personal data at contractors” and “Development of an implementation system for the secure management of personal data at contractors,” and select contractors in accordance with such criteria.
- We conduct periodic evaluations of contractors to check their compliance with the security measures, etc., stipulated in the outsourcing contract on a regular or ad-hoc basis, and supervise contractors to ensure that they comply with the contract if they are not in compliance.