New Data Protection Authority for Japan

The Number Use Act 2013 establishes a new and independent Data Protection Authority to be set up in the first half of 2014. The Specific Personal Information Protection Commission will consist of a Chairman and six commission members, and will be appointed by the Prime Minister with the consent of both Houses of the legislature.

The Commission will ensure the proper handling of personal numbers and other specific personal information, and provide guidance, advice and recommendations. Its enforcement powers will be limited to requiring reports and conducting on-site inspections. The commission was established on the recommendation of a committee chaired by Emeritus Professor Masao Horibe, Hitotsubashi University.

The Consumer Affairs Agency will continue to have overall responsibility for the legal framework of the Protection of Personal Information Act and oversight of specific sectors will remain the responsibility of different government ministries.

Speaking at the Privacy Laws & Business Asia Roundtable in London on 1st October, Professor Hiroshi Miyashita from Japan's Chuo University, and an Advisor to the Consumer Affairs Agency (CAA), explained that cultural factors play an important part in Japan's enforcement of privacy law. Loss of reputation is a far more important factor driving compliance than fines. Voluntary payment of compensation and an apology for data breaches are common. He announced that the CAA published its annual report on 30th September giving statistics on enforcement, data breaches, and complaint handling.