Target Companies/Unit

Target Companies/Unit

Companies eligible to receive certification for PrivacyMark are private enterprises based in Japan. The PrivacyMark is certified in the unit of per one private enterprise. Private enterprises must meet the requirements stated below, and must actually be promoting the protection of personal information in their activities.

1. Must have set up a personal information protection management system (hereinafter referred to as PMS*) complying to JIS Q 15001.
2. Must have prepared an enforceable system based on PMS and must be appropriately handling personal information.
3. None of the conditions (disqualification condition) below must apply to private enterprises:
   • Private enterprises that have previously applied for or requested for the review for and been rejected for PrivacyMark certification 3 months prior to the application.
   • Private enterprises that have had their PrivacyMark certification revoked or the use of PrivacyMark contract cancelled within a year prior to the application.
   • Private enterprises that have not completed the probation period for the PrivacyMark application in line with violation of the separately stipulated standards involving the leakage of personal information or invasion of rights and interests of the subjects in question.
   • Conditions below that apply to executive members of operators (includes representative or managers appointed for non-corporate organizations)
     1. 1. Those who were sentenced to imprisonment and have served their sentence or the period of suspended execution but for whom two years have not passed since the day of fulfillment.
     2. 2. Those who were sentenced under the Act on the Protection of Personal Information, have fulfilled their sentence or the period of suspended execution but for whom two years have not passed since the day of fulfillment.

The applicant will be assessed through a document assessment form and an on-site assessment.

*1
In the JIS Q 15001, PMS is defined as a Management system by business operators for personal information used in their business operation, including policy, system, plan, enforcement, inspection and review that protect individual rights and interest, while considering serviceability.