Consideration of Privacy Risk Assessment of the My Number in the Financial Industry in Japan

  • Sanggyu ShinEmail author
  • Yoichi Seto
  • Kei Sakamoto
  • Mayumi Sasaki
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 474)


In Sep. 2015, the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure was revised. It was decided to link personal numbers to deposit numbers of financial institutions. Currently, the Privacy Impact Assessment which is obliged to implement this law is required to implement safety control measures for the private sector. However, there is no system to conduct a risk assessment of the law. In the financial industry, which is a highly private sector of public nature, some privacy risk assessment is required because it has many individual numbers. In this paper, we propose a framework for privacy risk assessment on this law in the financial industry, using the privacy impact assessment prescribed as an international standard.


Specific personal information protection assessment Social security and tax system Privacy impact assessment My Number 



This research carried out in the Project Based Learning in the Advanced Institute of Industrial Technology. In advancing the PBL, we got the cooperation of Hiro Rokugawa, Yuta Kurosawa, Okimura Seiji, and Xiaofei Ma. We would like to express our appreciation here.


  1. 1.
    Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (Act No. 27 of 31 May 2013).
  2. 2.
    A draft of a bill to amend part of the Act on the Protection of Personal Information and the Act on Utilization of Numbers to Identify Specific Individuals in Administrative Procedures (Overview), February 2015.
  3. 3.
    Seto, Y.: Practical Privacy Risk Assessment Technique - Privacy by Design and Personal Information Impact Assessment. Kindaikagaku Press, Tokyo (2014)Google Scholar
  4. 4.
    Specific personal information protection assessment guideline, April 2014.
  5. 5.
    Mayumi, S., Kei, S., Kazuhiro M., Sanggyu, S., Yoichi, S.: The problem analysis of specific personal information protection assessment. In: CSS 2015, vol. 2015(3), pp. 1199–1206 (2015)Google Scholar
  6. 6.
    Kei, S., Mayumi, S., Sanggyu, S., Yoichi, S.: A Study on the privacy risk assessment of responding to National ID Act in the financial sector. In: 2016 Symposium on Cryptography and Information Security (SCIS 2016) (2016)Google Scholar
  7. 7.
    Guidelines on proper handling of specific personal information in financial services, December 2014.
  8. 8.
    Yoichi, S., Hiroaki, R., Fumio, S., Yasujiro, M., Hiroaki, I.: Privacy Impact Assessment PIA and Personal Information Protection. Chuokeizai Press, Tokyo (2010)Google Scholar
  9. 9.
    Sang-gyu, S., Tomomi, H., Mayumi, S., Yoichi, S.: Analysis of risk items in specific personal information protection assessment. In: The 32th Symposium on Cryptography and Information Security (2015)Google Scholar
  10. 10.
    ISO22307:2008 Financial services – Privacy impact assessment.
  11. 11.
    Satoru, N., Naoko, O., Michiya, O., Haruyki, K., Makoto, S., Yoichi, S.: Development of guidelines for personal information impact assessment. J. Jpn. Soc. Secur. Manage. 29(1), 3–16 (2015)Google Scholar
  12. 12.
    Explanation of Specific Personal Information Protection Assessment Guidelines, November 2014.
  13. 13.
    Inspection Manual for Deposit-Taking Institutions, June 2014.
  14. 14.
    About financial information system and FISC safety measures standard, December 2014.
  15. 15.
    The Guidelines on the Protection of Personal Information, November 2009.

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  • Sanggyu Shin
    • 1
    Email author
  • Yoichi Seto
    • 1
  • Kei Sakamoto
    • 1
  • Mayumi Sasaki
    • 1
  1. 1.Advanced Institute of Industrial TechnologyTokyoJapan

Personalised recommendations