Safety and Security
Relevant GRI Standards: 103-2
9: INDUSTRY, INNOVATION AND INFRASTRUCTURE
11: SUSTAINABLE CITIES AND COMMUNITIES
The NTT Group has been entrusted with a considerable quantity of personal information, ranging from data on individual customers to that of corporate customers. In recent years, our customers' concern over protection of personal information has only increased. Meanwhile, the importance of enforcing personal information protection and information management is growing in terms of laws and regulations, as seen in the revision of Japan's Act on the Protection of Personal Information in 2017 and the enactment of the EU's General Data Protection Regulation (GDPR) in 2018.
Under these circumstances, personal information leakage could have various repercussions for the NTT Group in the operations of its businesses, including damage to its corporate value and loss of customers, which makes it essential to rigorously manage personal information as a top priority.
Under the NTT Group Information Security Policy, we disclose on our website specific policies for protecting the personal information of customers and shareholders and policies for protecting personally identifiable information required by Japan's Social Security and Tax Number System. In this policy, we also define how we respond to requests for disclosure, correction, and suspension of use related to the personal information retained by the NTT Group. We have also put in place a security management system that ensures thorough and rigorous security practices, with the Chief Information Officer (CISO) placed in charge (see page 054).
NTT has systematic security control measures, human security control measures, physical security control measures, and technical security control measures in place for handling our customers' personal information.
Each domestic company in the Group has established a personal information protection system in line with its business and based on the revised Act on the Protection of Personal Information. We are consistently pursuing initiatives to protect information, including stringent measures on the physical and systems aspects of security and appropriate supervision of outsourcing contractors.
In addition, NTT Group companies that conduct business globally conform to the laws and regulations of the various countries.
To conform to the EU's General Data Protection Regulation (GDPR) enacted in May 2018, Group companies are promoting compliance following discussions within the NTT Group. They implement the measures necessary for the acquisition of personal information and its transfer outside of the EU, and, based on the EU regulation and other countries' regulations, are taking actions with respect to the sharing of employee information among NTT Group companies in Japan and overseas.
NTT has set up the Customer Contact Point on Personal Information, and similar contact points for services related to personal information have been set up at each NTT Group company. Since NTT is a holding company that does not directly provide telecommunications services, inquiries regarding personal information related to services are redirected to the contact points of the operating companies concerned.
Additionally, inquiries regarding the handling of personal information under laws and regulations are redirected to the person responsible for information security at the operating companies concerned.
Nippon Telegraph and Telephone Corporation Customer Contact Point on Personal Information
Email : email@example.com
Safety and Security