Actions on Materiality
Customer Privacy (FY2019 Report)
Reasons of materiality in respect of our business
As an energy business operator which supports a core infrastructure of society, the Daigas Group recognizes the vital importance of protecting customers’ information and managing that information appropriately.
Inside and outside the Group
Management systems and their performance
Indicator (GRI Standards: 418-1)
Total number of substantiated complaints regarding breaches of customer privacy
(International and domestic standards)
- Act on the Protection of Personal Information
- Act on the Prohibition of Unauthorized Computer Access
- Act on the Regulation of Transmission of Specified Electronic Mail
(In-house policy and standards)
- Daigas Group Code of Conduct
- Rules for Personal Information Protection
The Vice President in charge of the General Affairs Department is appointed as the Chief Privacy Officer (CPO). To ensure the protection of private information involving the Daigas Group, Personal Information Managers are placed under the Vice President; they supervise Business Units, the Human Resources Department, Osaka Gas affiliated companies and contractors working for Osaka Gas.
Personal Information Protection Structure
An “Information Security Subcommittee” was established under the “CSR Committee” (chaired by the CSR Executive) and has since been developing systems to ensure information security throughout the Daigas Group.
Information Security System
In FY2019, one company in the Daigas Group experienced an incident in which attacks on server vulnerabilities and unauthorized access led to customer information being leaked. Based on the results of a third-party security audit, measures were taken to prevent a recurrence.
Specific actions taken regarding materiality
Mechanism to protect personal information
The Daigas Group is doing all it can to prevent the leakage of personal information of customers and other incidents affecting private information by improving the Group’s information management system, inspecting the implementation of the system as part of its risk-management efforts, carrying out regular audits of its business operations, and taking company-wide action in the event of incidents such as the loss of customer data, including information sharing and mobilization of all organizations to scrutinize the situation.
In FY2019, the Group implemented measures to strengthen the protection of personal information, including the introduction of a function to prevent the mistaken sending of email outside the company and the addition of a question to the G-RIMS risk self-assessment system’s self-auditing checklist regarding the confirmation and recording of instances when personal information belonging to customers, suppliers, or others is supplied (transferred) to a third party. The Group created and held an online training course for Osaka Gas employees on information security (6,990 employees participated). The Information Security Subcommittee also introduced a system for checking the storage status of data files containing customer information, and these checks are being carried out systematically.
Education of employees
All Daigas Group employees who have the authority to access PCs loaned to them by the Group, including those working on a contract basis and those dispatched from manpower agencies, are required to take an online training course on information security once a year. The percentage of employees taking this course reached 100% in FY2019. These employees also receive training every year aimed at enabling them to respond appropriately to targeted e-mail attacks.