The Abe administration is coming under increasing pressure to close a loophole in the law on personal information protection by tightening regulations on the resale of data by name-list brokers, after information related to millions of customers was leaked from education service provider Benesse Corp.
The unit of Benesse Holdings Inc. has asked name-list brokers and companies that may have obtained the leaked information not to use it, but the request is not legally binding.
The law prohibits providing personal data to a third party without first-person consent. However, a so-called opt-out clause allows businesses to dodge the consent requirement on the condition that they give notice on a website or in writing.
“There is no organization to check the opt-out, and there is no way to check whether the clause is observed,” said Kaori Ishii, an associate professor at the University of Tsukuba.
Ishii said it’s necessary to require firms to disclose information sources to help curb purchases of data for profit.
In the Benesse case, Masaomi Matsuzaki, a former system engineer, was served with a fresh arrest warrant Monday for stealing the personal information of some 20 million customers including children and their parents from the company.
In light of the Benesse case, the consumer commission in the Cabinet Office in July called on the government to consider such issues as regulations on name list brokers, the deletion of personal information leaked by unlawful means and the responsibility of businesses for obtaining leaked information.