NTT Group has been entrusted with a considerable quantity of personal information, ranging from data on individual customers to that of corporate customers. In recent years, our customers' concern over protection of personal information has only increased, while the importance of enforcing personal information protection and information management is growing in terms of laws and regulations, as seen in the revision of Japan's Act on the Protection of Personal Information in 2017 and the enactment of the EU's General Data Protection Regulation (GDPR) in 2018.
Under these circumstances, the occurrence of a personal information leak could have various repercussions for NTT Group in the operations of its businesses, including damage to its corporate value and loss of customers, which makes it essential to rigorously manage personal information as a top priority.
Under the NTT Group Information Security Policy, we have formulated specific policies for protecting the personal information of customers and shareholders and policies for protecting specific personal information required by the introduction of Japan's Social Security and Tax Number System. These policies are open to the public on our corporate website. In this policy, we also define how we respond to requests for disclosure, correction, suspension of use related to the personal information retained by NTT Group. We have also put in place a security management system that ensures thorough and rigorous security practices, with the Chief Information Officer (CISO) placed in charge.
NTT also discloses the following policies concerning protection of personal information.