CSR Charter ⅣComplying with Laws and Regulations and Respect for Human Rights
Efforts for Protection of Personal Information
Principle and Outline
Based on its belief that information is an important asset for companies and should thus be managed properly to prevent leaks or losses, the Daigas Group has put into place a system to suitably use/manage the personal information entrusted to the Group by its customers. We are also striving to enhance our risk management regarding personal information via our “G-RIMS” risk self-inspection system, and to raise employee awareness through e-learning and training.
Protection of Personal Information
Structure for strengthening protection of personal information including affiliates and contractors
The Daigas Group is in possession of the personal information of a large number of individuals, and we have rules and measures in place to protect this information. Executives in charge of a Department or the Vice President who serves as the personal information protection administrator has established a personal information protection system that extends even to subcontractors, and is endeavoring to suitably manage personal information and prevent leaks.
Personal Information Protection Structure
Strengthening risk management through training and e-learning
Every year the Daigas Group uses the “G-RIMS” risk self-assessment system to reinforce risk management regarding personal information management. We also make the protection of personal information a key part of compliance training in efforts to raise employee awareness. And all employees and temporary workers dispatched from manpower agencies with access to an Osaka Gas personal computer, are obliged to take basic or case-study e-learning courses.
In FY2019, the Daigas Group worked to set up systems for strengthening the protection of personal information, including the introduction of a feature that prevents the accidental transmission of e-mails outside of the company and the addition of questions to the G-RIMS self-assessment checklist for risk management. The questions relate to confirming or documenting when the personal information of customers, business partners, or others is given to a third party.
- FY2019 Information security e-learning session participants: 6,990
Responding to Customer Information Leaks Due to Unauthorized Access
The vulnerability was attacked and unauthorized access was made on some servers used for the file transfer service operated by OGIS-RI Co., Ltd., a Daigas Group company. As a result, 4,815,399 customer information leaked to the outside.
Based on this incident, OGIS-RI has established the Security Enhancement Countermeasures Section to strengthen countermeasures and monitoring against cyber attacks. In addition, the Group as a whole is further strengthening information management, such as checking for the risk of similar events.
The same content is available as a press release.