
Japan’s My Number Data Security Compliance

Thales can help organizations comply with data security regulations governing storage and use of Japan’s My Number data


Thales can help organizations comply with data security regulations governing storage and use of Japan’s My Number data. These compliance regulations include prevention of data leakage, loss or damage; supervision of employees handling the data; and supervision of third parties entrusted with the data.


Regulation Summary

The data security requirements for businesses handling data associated with an individual’s Japanese “My Number” are governed primarily by Japan’s “Personal Information Protection Act (PIPA).”

These include:

  • Taking necessary and proper measures for the prevention of leakage, loss, or damage, and for other security control of personal data
  • Exercising necessary and appropriate supervision over the employees handling the data to ensure the security control of the personal data
  • Exercising necessary and appropriate supervision over any persons or organizations entrusted with the data to ensure the security control of the entrusted personal data

Vormetric Transparent Encryption

The gold standard for preventing leakage or loss of data is transparent encryption with integrated key management. Thales adds data access controls and security intelligence to create a robust data security solution that helps organizations collecting and using My Number data meet PIPA regulations.

Encryption and key management are critical to safeguarding data, because they ensure that if the data is breached it will be meaningless and worthless to those who retrieve it. Key management is essential, because a cybercriminal who holds the keys has access to the data in the clear. Best practice is therefore for the organization that owns the data to retain control of the keys. For example, if the data owner uses a cloud service provider, control of the keys should stay within the data owner's own organization. Best practice is also for the data-owning organization to encrypt the data before sending it to the cloud.

Vormetric Transparent Encryption with Integrated Key Management from Thales provides strong file, volume and application encryption combined with simple, centralized key management, all of which is transparent to processes, applications and users.

Vormetric Tokenization with Dynamic Masking

The Vormetric Token Server (VTS) from Thales is a VM download that can be deployed as a virtual appliance. It provides application-layer tokenization, using APIs for communication between the application and the tokenization server. An example use case is protecting a credit card or driver's license number in an application running on a web server. When the sensitive value is entered, the app sends it to the tokenization server via a REST API. The token server creates a 'token' that replaces the original data; the original is then encrypted and placed in a token vault to provide an additional layer of security. The token is returned to the app server in place of the original credit card or driver's license number. VTS also includes dynamic data masking, which can tie in with AD or LDAP directories and serve data as clear text or partial clear text based on the user's role.
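The tokenize / vault / role-based masking flow described above, as an added illustrative model written for this page. It is not Vormetric's code or its REST API; the token format, the role names and the HMAC-based stand-in cipher for the vault are assumptions.

```python
import hmac
import hashlib
import secrets

# Constructed vault key. In the flow the page describes, the data owner keeps
# this under its own key management, not inside the web application.
VAULT_KEY = secrets.token_bytes(32)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in for the vault's cipher.
    Symmetric: the same call encrypts and decrypts. Not production crypto."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


class TokenServer:
    """Model of an application-layer token server: random tokens, an
    encrypted vault, and dynamic masking decided by the caller's role."""

    def __init__(self, key: bytes):
        self.key = key
        self.vault = {}  # token -> (nonce, ciphertext of the original value)

    def tokenize(self, value: str) -> str:
        # The token is random, so it reveals nothing about the original value;
        # only the vault entry (encrypted) links the two.
        token = "tok_" + secrets.token_hex(8)
        nonce = secrets.token_bytes(16)
        self.vault[token] = (nonce, _keystream_xor(self.key, nonce, value.encode()))
        return token

    def detokenize(self, token: str, role: str) -> str:
        # Dynamic masking: the role (as it would come from AD/LDAP) decides
        # whether the caller sees clear text, partial clear text, or nothing.
        if token not in self.vault:
            raise KeyError("unknown token")
        nonce, ct = self.vault[token]
        clear = _keystream_xor(self.key, nonce, ct).decode()
        if role == "auditor":
            return clear
        if role == "support":
            return "*" * (len(clear) - 4) + clear[-4:]
        return "*" * len(clear)
```

The web application stores only the returned token; a dump of the app database or of the vault alone yields neither the card number nor anything that maps back to it without the key.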

Security Intelligence

Security intelligence is essential for knowing whether the controls are working and is, again, an expected best practice.

Vormetric’s Security Intelligence offering provides logs that capture access attempts to protected data, giving high-value security intelligence that can be fed to a Security Information and Event Management (SIEM) solution and used for threat identification and data security compliance reporting.

Other key data protection and security regulations

  • GDPR (regulation, active now): Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens, regardless of where the organisation is headquartered.
  • PCI DSS (mandate, active now): Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
  • Data Breach Notification Laws (regulation, active now): Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.