Our approach to information security

Activities for Personal Information Protection

Personal Information Protection

In efforts to protect personal information, Mitsubishi Electric first created company rules on personal information protection in October 2001, and since then it has required all employees and affiliated persons to obey those rules strictly. Mitsubishi Electric issued a personal information protection policy in 2004, complying with the requirements of JIS Q 15001:2006 Personal Information Protection Management Systems. In January 2008, we were granted the right to use the "PrivacyMark," which certifies the establishment of management systems that ensure proper measures for personal information protection. We have maintained our "PrivacyMark" certification until the present.

We have also conducted a review of our internal regulations to ensure a proper response to Japan’s amended Act on the Protection of Personal Information, which went into force in May 2017.

System of rules for personal information protection

Proper handling of personal information

Mitsubishi Electric handles personal information appropriately; we acquire it by specifying purpose of use, use it only within the intended scope, and provide it to a third party only with prior consent from users.
Furthermore, in preparation for data leakage risks from cyberattacks, we continue to strengthen security control measures, such as server storage and encryption.

Response to the EU General Data Protection Regulation (GDPR)

The Mitsubishi Electric Group handles personal data from the EU in an appropriate manner with due consideration to the General Data Protection Regulation (GDPR), which was put into force in the EU in May 2018 as a framework to protect privacy. In addition, cross-border transfer of personal data is now also being regulated outside Europe, and the Group is taking appropriate measures.