Actions on Materiality
Customer Privacy (FY2017 Report)
Reasons of materiality in respect of our business
As an energy business operator which secures the basis of the society, the Daigas Group considers it is indispensable to recognize the importance of customers' information and those appropriate management
Inside and outside the Company
Management systems and its performance
Total number of substantiated complaints regarding breaches of customer privacy (G4-PR8)
(International and domestic standards)
- Act on the Protection of Personal Information
- Act on the Prohibition of Unauthorized Computer Access
- Act on the Regulation of Transmission of Specified Electronic Mail
(In-house policy and standards)
- Daigas Group Code of Conduct
- Rules for Personal Information Protection
The Vice President in charge of the General Affairs Department is appointed as the Chief Privacy Officer (CPO). Placed under the vice president are “Personal Information Managers,” who supervise Business Units, the Human Resources Department, Osaka Gas affiliated companies and contractors working for Osaka Gas.
Personal Information Protection Structure
An “Information Security Subcommittee” was established under the “CSR Committee” (chaired by the CSR Executive), since which it has been developing systems to ensure information security throughout the Daigas Group.
Information Security System
Incidents in which documents containing personal information of customers were lost were reported at two Daigas Group companies in fiscal 2017. Acting on the incidents, the Group reviewed its business operational procedures and established a strict data control system to prevent a recurrence.
Specific actions taken regarding materiality
Mechanism to protect personal information
The Daigas Group is doing all it can to prevent the leakage of personal information of customers and other incidents affecting their information by improving the Group's information management system, inspecting the implementation of the system as part of its risk-management efforts, carrying out a periodical audit of its business operations, and taking company-wide response actions in the event of incidents such as the loss of customer data, including information sharing and mobilization of all organizations to scrutinize the situation. In fiscal 2017, the Group held a Net-based session for employees to enhance their awareness of the importance of protecting personal information. In addition, the Group's Information Security Subcommittee introduced a system to check the management of data files containing customer information, and put the system in practice.
Education of employees
All Daigas Group employees who have the authority to access PCs loaned to them by the Group, including those working on a contract basis and those dispatched from manpower agencies, are required to take an online training course on information security once a year. The percentage rate of employees taking this course reached 100% in fiscal 2017. These employees also receive e-learning training, twice a year, aimed at enabling them to respond appropriately to targeted e-mail attacks.