Protecting personal information

  • Materiality

Mizuno addressed information security policy as one of the main issues of management, and developed and is administrating basic policy and measures on general information security. In particular, we acknowledge the importance of protecting personal information, and we manage appropriately and steadily implement tight control. We established the Personal Information Regulations, appointed the officer in charge of human resources and general affairs as a supervisor, provide education and training to persons handling personal information, take security measures, and have created an inventory of personal information so that we can prevent disclosure externally.

When gathering personal information, the purpose and procedure for collecting it must be clarified, and prior approval must be obtained inside the company. How to take custody and dispose of personal information is strictly regulated. We also undertake regular audits of whether operation is in accordance with the regulations. Along with this, we provide training on the handling of personal information to all employees.

In FY2018, for staff in charge of the protection of personal information in each division in Japan, and staff in charge of dealing with personal information with frequent access, we conducted briefing sessions on crucial points for business regarding personal information and also conducted an actual survey on how each department and each staff member manages that personal information.

Besides, while personal information protection in Europe is being strengthened, we made the necessary arrangements such as establishing or updating related formats, internal guidelines, the managers' manual, etc. to comply with the General Data Protection Regulation (GDPR).

Mizuno is working to establish a system that prevents major incidents, given that it manages a large quantity of personal information in the event of holding sporting events and when operating sporting facilities.

In FY2018, there were no customers’ privacy violations and no breaches of customers’ data from Mizuno group companies. However, we found one suspicious case of leakage of personal information, which is third-party fraudulent access to the reservation system operated by Coubic Inc., which we have adopted.

Future issues to be addressed

Mizuno Group needed to restore the appropriate use of data in our business sites and offices, along with brushing up on the information strategy of our group against changes in the surroundings.

  • Strengthening of GDPR compliance and mechanisms in Europe.
  • Deploying these measures in other regions.

In addition, the following measures will be taken to prevent the recurrence of fraudulent access to the outsourcing system.

  • Requesting that subcontractors thoroughly manage personal information and improve the security of their information system.
  • Stopping the acceptance of reservations from the system until the security of the outsourcing system can be confirmed. (The reservation system has resumed operation since the security was completely confirmed on March 20, 2019.)
  • Reviewing the standards for the security system and the personal information management system of subcontractors, which we plan to adopt.