In January 2020, Mitsubishi Electric reported a data leak incident caused by unauthorized access to its system, which has resulted in inconvenience and concern for customers and society. After also reflecting on guidance from the Personal Information Protection Commission received in December 2019 concerning the handling of personal information obtained through recruitment activities, the Mitsubishi Electric Group will continue to strengthen its information security measures* to prevent such a situation from occurring again. We also will strengthen the measures considering the general trend toward teleworking and cloud-based business models.
Mitsubishi Electric manages confidential corporate information relating to sales, engineering, intellectual property, and other areas, as well as information entrusted to the company by its customers and stakeholders. This is carried out based on the Declaration of Confidential Corporate Information Security Management established in February 2005. In light of events in fiscal 2019, we will once again work to increase awareness of this declaration within the Mitsubishi Electric Group and strive to protect and manage information even more carefully.
With respect to the information assets that constitute its core business activities, Mitsubishi Electric Corporation shall disclose information that should be released externally in a timely and appropriate manner, while ensuring strict and appropriate management of confidential corporate information.
In the unlikely event that valuable information or confidential corporate information entrusted to us by others were to leak, this would not only cost the trust and confidence invested in the Company; the improper use of this information could also threaten national, societal and individual security.
Recognizing that appropriate management of confidential corporate information is a key corporate social responsibility, the Company hereby declares that all employees shall comply with the following confidential corporate information management policies.
1. Appropriate Management of Confidential Corporate Information through Compliance with Laws, Ordinances and Regulations
The Company shall manage all confidential corporate information concerning business activities appropriately in accordance with laws, ordinances and Company regulations.
"Confidential corporate information" means valuable technical or business information held by the Company, and information (such as personal information, information obtained from outside the Company and insider information), which, if disclosed or used in an unauthorized way, could be disadvantageous to the Company and/or its stakeholders. Physical objects that constitute confidential corporate information are also subject to control.
2. Enforcement of Security Management Measures
The Company shall implement appropriate security management measures for the protection and proper control of confidential corporate information.
"Security management measures" means organizational, human, technological and physical measures that are strictly enforced according to the confidentiality level of the applicable corporate information.
3. Enhancement of Information System Security Measures
The Company shall enhance its information system security measures to prevent unauthorized access, intrusion and wrongful use of confidential corporate information, and implement comprehensive countermeasures with IT.
Recognizing that the awareness of individual employees who are involved in handling confidential corporate information is fundamental to management, the Company shall provide regular education for all employees concerning the importance of confidential corporate information management and the Company's efforts to enhance it.
5. Continual improvement of Management through the PDCA Cycle
The Company shall establish a confidential corporate information management system and improve it proactively and continually through the PDCA (Plan-Do-Check-Action) cycle.
6. Timely and Appropriate Information Disclosure
In addition to rigorously managing confidential corporate information in an appropriate manner in line with items 1 through 5 above, the Company shall disclose information that should be externally released in a timely and appropriate manner.
April 1, 2018
Takeshi Sugiyama, President & CEO
Mitsubishi Electric Corporation
Personal information collected from customers through questionnaires, registration of purchased products, repair services, and other such means is managed based on the "Personal Information Protection Policy." On the basis of this system, Mitsubishi Electric has been granted the right to use the "PrivacyMark" under Japan’s system for certifying personal information protection systems, in recognition of its ongoing efforts to ensure proper handling of personal information.
Mitsubishi Electric Corporation fully complies with Japan’s laws and regulations, national policies and other rules concerning the protection of personal information.
Personal information can be defined as any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address, an e-mail address or other contact information.
Mitsubishi Electric Corporation sometimes collects personal information from its customers while conducting business activities. On the Global Website, personal information is collected predominantly through the various contact/inquiry forms.
When we directly solicit personal information from you in writing, we will specify how we intend to use the information, and ask for your consent. When we collect personal information by other means, we will announce on our website how we intend to use it.
When you provide us with personal information, we use the information to respond to and confirm your inquiry, and may keep a record of the inquiry for the same purposes. In addition, to support our customer relationship, we may store and process personal information and share it with our worldwide subsidiaries and affiliates to better understand your needs and how we can improve our products and services.
At times Mitsubishi Electric Corporation may conduct online surveys to better understand the needs and profile of our visitors. When we conduct a survey, we will do our utmost to let you know how we will use the information collected from you. Our site may provide contests, sweepstakes or other promotions that may ask you to enter your personal information. We will use the information you provide for the purpose of conducting the promotion, like providing customer support or contacting you if you’re a winner.
Mitsubishi Electric Corporation does not use or disclose information gathered from individual visits to the Site or information that you may give us to any third parties for intention to sell, rent or otherwise market your personal information. We may at times employ a third party service providers to perform or assist us on the on-line surveys, contests, sweepstakes or other promotions. For example, administering the survey or promotion, compiling the data or providing customer support. These parties will have signed a Non-Disclosure Agreement prior to any services we initiate with them. They will not disclose any personal information they receive from you and will only use it in order to initiate and or continue the services they are providing for us.
You have the option not to provide personal information to Mitsubishi Electric Corporation. If you choose not to provide the personal information we request, you can still visit most of the Site, but you may be unable to access certain options, offers and services that involve our interaction with you.
April 1, 2018
Takeshi Sugiyama, President & CEO
Mitsubishi Electric Corporation