Protection of personal information

In accordance with the Information Assets Protection and Management Policy for the Dai-ichi Life Group, we will appropriately protect and manage personal information.
We strive to maintain accurate and up-to-date personal information that we hold. We take organizational, personnel, physical and technical security measures to protect personal information, and review these measures as necessary. At our company, the chairperson of the Group Compliance Committee is the overall manager in charge of the protection and management of information assets related to all group businesses. The Group Compliance Committee (Secretariat: Legal & Compliance Unit), which is a subordinate body of the Board of Directors, promotes the proper management of information related to all Group businesses. In addition, under the control of the Group Compliance Committee, we are taking steps to protect personal information, and we report to the Board of Directors and other bodies as appropriate. Personal data for which security control measures are taken includes personal information that is scheduled to be handled as personal data.

  1. 1In order to ensure the proper handling of personal information, we have established and published a personal information protection policy. We have also developed internal regulations that stipulate the handling methods for each stage of the process, such as acquisition and input, use and processing, storage and preservation, transfer and transmission, and disposal and deletion, in relation to the safe management of personal data.
  2. 2We have established rules in our employment regulations regarding the confidentiality of personal data and the penalties for violations, and we provide regular training to all employees on the precautions for handling personal data and on safety measures.
  3. 3We control access to and the items brought into areas where personal data is handled, and we also implement measures to prevent the loss or theft of equipment and electronic media that handle information.
  4. 4We strive to minimize data retention by setting access restrictions and managing personal data appropriately, deleting it when it is no longer necessary for business purposes, etc.
  5. 5We prevent information leaks by taking security measures such as installing firewalls to prevent unauthorized access from outside the company, restricting data access within the company, and logging and encrypting data transfers.
  1. 6We retain personal data for a period appropriate to our business needs and securely dispose of or delete it once that period has expired.
  2. 7We ensure that appropriate information handling rules are followed by regularly inspecting compliance with rules and conducting internal audits by specialist departments.
  3. 8When outsourcing the handling of personal data (including re-outsourcing), we select appropriate contractors and enter into contracts with them to ensure that they take the same safety control measures that we take, and we conduct regular monitoring and other appropriate supervision to ensure that personal data is managed safely by the contractor.
  4. 9We have appointed a person or persons responsible for the handling of personal data, and have established a reporting and communication system for such persons in the event that any facts or indications of a violation of laws or regulations are discovered.
  5. 10We have established a reporting system for cases where there has been a leak, loss, or damage of personal data, or where there is a risk of such an event occurring, and we strive to conduct a prompt investigation and prevent further damage.
  6. 11When providing personal data to a third party located in a foreign country, we take the necessary measures to ensure that the personal data is managed safely at the receiving party, such as selecting an appropriate transfer destination and clarifying the obligations and responsibilities of the receiving party in a contract.