Actions on Materiality
Customer Privacy (FY2018 Report)
Reasons of materiality in respect of our business
As an energy business operator which secures the basis of the society, the Daigas Group considers it is indispensable to recognize the importance of customers' information and those appropriate management
Inside and outside the Company
Management systems and its performance
Indicator (GRI Standards: 418-1)
Total number of substantiated complaints regarding breaches of customer privacy
(International and domestic standards)
- Act on the Protection of Personal Information
- Act on the Prohibition of Unauthorized Computer Access
- Act on the Regulation of Transmission of Specified Electronic Mail
(In-house policy and standards)
- Daigas Group Code of Conduct
- Rules for Personal Information Protection
The Vice President in charge of the General Affairs Department is appointed as the Chief Privacy Officer (CPO). Placed under the vice president are “Personal Information Managers,” who supervise Business Units, the Human Resources Department, Osaka Gas affiliated companies and contractors working for Osaka Gas.
Personal Information Protection Structure
An “Information Security Subcommittee” was established under the “CSR Committee” (chaired by the CSR Executive), since which it has been developing systems to ensure information security throughout the Daigas Group.
Information Security System
During FY2018, no proper objections substantiated were filed regarding the alleged violation of customer privacy involving the Daigas Group. We will continue to do all we can to beef up the control of personal information of customers.
Specific actions taken regarding materiality
Mechanism to protect personal information
The Daigas Group is doing all it can to prevent the leakage of personal information of customers and other incidents affecting their information by improving the Group's information management system, inspecting the implementation of the system as part of its risk-management efforts, carrying out a periodical audit of its business operations, and taking company-wide response actions in the event of incidents such as the loss of customer data, including information sharing and mobilization of all organizations to scrutinize the situation. In FY2018, the Group revised its manual stipulating how to handle the personal information of customers and employees, based on the revised personal information protection law. Through the revision of the manual, we disseminated the importance of protecting personal information to employees and deepened their understanding of the matter. Furthermore, the Group held an e-learning session for Osaka Gas employees regarding the protection of personal information. (6,013 employees attended the session.) In addition, the Group's Information Security Subcommittee introduced a system to check the management of data files containing customer information, and put the system in practice.
Education of employees
All Daigas Group employees who have the authority to access PCs loaned to them by the Group, including those working on a contract basis and those dispatched from manpower agencies, are required to take an online training course on information security once a year. The percentage rate of employees taking this course reached 100% in FY2018. These employees also receive e-learning training, twice a year, aimed at enabling them to respond appropriately to targeted e-mail attacks.