In efforts to protect personal information, Mitsubishi Electric first created company rules on personal information protection in October 2001, and since then it has required all employees and affiliated persons to obey those rules strictly. Mitsubishi Electric issued a personal information protection policy in 2004, complying with the requirements of JIS Q 15001:2006 Personal Information Protection Management Systems. In January 2008, we were granted the right to use the "PrivacyMark," which certifies the establishment of management systems that ensure proper measures for personal information protection. We have maintained our "PrivacyMark" certification until the present.
We have also conducted a review of our internal regulations to ensure a proper response to Japan’s amended Act on the Protection of Personal Information, which went into force in May 2017.
System of rules for personal information protection
Mitsubishi Electric handles personal information appropriately; we acquire it by specifying purpose of use, use it only within the intended scope, and provide it to a third party only with prior consent from users.
In August 2019, there was an incident where personal information was not properly handled during recruitment activities, and in December 2019, guidance was received from the Personal Information Protection Commission. We deeply regret this incident and will strive to always acquire personal information appropriately.
The Mitsubishi Electric Group handles personal data from the EU in an appropriate manner with due consideration to the General Data Protection Regulation (GDPR), which was put into force in the EU in May 2018 as a framework to protect privacy. In addition, cross-border transfer of personal data is now also being regulated outside Europe, and the Group is taking appropriate measures.