The amended Act on the Protection of Personal Information in Japan

Act on the Protection of Personal Information
Personal Information Protection Commission, Japan
The amended Act fully put into effect on May 30,2017
“Special care-required personal information” in this Act means personal information comprising a principal’s race, creed, social status, medical history, criminal record, fact of having suffered damage by a crime, or other descriptions etc. prescribed by cabinet order as those of which the handling requires special care so as not to cause unfair discrimination, prejudice or other disadvantages to the principal.
The amended Act includes establishment of Personal Information Protection Commission, definition of “individual identification code” and “Special care-required personal information” and use of “Anonymously processed information”.
“Anonymously processed information” can be transferred to a third party without consent of the person. Different from statistical data, it is possible to re-identify the person from the anonymously processed information but such re-identification is prohibited by laws.

Speech by Vice-President Ansip at the EU-Japan Business Roundtable
Firstly, on the data economy – a top priority for Japan as it is for Europe ? and specifically on the free flow of data. This is what gets the data economy moving.
Historically, Europe have made Japan follow their rules to keep their priority position. It would take more time for Japan to get used to new EU rules. Japan must understand there are still many obstacles to realize the free flow of data in EU.
Related Information:
Proposal for an ePrivacy Regulation
Digital Single Market: Commission calls for swift adoption of key proposals and maps out challenges ahead

Finding things: how we’re breaking down the silos on GOV.UK
We started by working to create a single-subject taxonomy. So that all content on GOV.UK could be tagged based on the type of subject it covered, rather than the department it came from.
Taxonomy problem is a big issue also in Japan. Taxonomy concerning government services is not standardized and difficult to understand for citizen. If the government like to realize digital government they have to establish nationwide standard of taxonomy and make every structured data fields have object identifiers. This is fundamental for digital partnership of human and computer.

OECD: ‘Create incentives for reuse of open data’
The Organisation for Economic Co-operation and Development (OECD) is urging Europe’s governments to create incentives for public sector organisations and others to use open data.
“Data-driven eGovernment services” are very important but the use of only open data doesn’t realize innovation of eGovernment service. Secure and reliable data including personal data is critical to maximize the effect of open data.

German parliament approves law enforcing eIDAS
The 2014 eIDAs regulation aims to make it possible for citizens and businesses in the EU to use their national eID solutions to access eGovernment service in other EU Member States.
I doubt that this act will increase the use of eID and reduce cost and paper work. Germany should reset their mindset of service design and user-oriented.

Bulgaria to digitally connect its main registries
Bulgaria wants automatic data exchange between the main public administration’s databases and registers to be realised by the end of next year. Mr Jeliazkov announced the removal of twelve certificates, from the land registry, the commercial register, insurance institute, tax administration and other registers.
It is inevitable to progress automatic data exchange among public administration’s databases and registers if the government want to realize the ‘once only principle’. Many EU countries will follow the approach of government digitizaion in Estonia.

SoK: Cryptographically protected database search
Survey paper (Systematization of Knowledge, SoK) reviewing the current state of protected database search (encrypted databases).
Electronic health records in Estonia uses encrypted databases to protect from internal person like database administrator.

Verification and Test Methods for Access Control Policies/Models
NIST Special Publication 800-192
It is morecommon that a system’s privacy and security are compromised due to the misconfiguration of AC policies rather than the failure of cryptographic primitives or protocols.
Playbook for Investment in “Quality ICT Infrastructure”
First Edition July 2017
This playbook seeks to provide the basic concept of “Quality ICT Infrastructure”, useful suggestions, and best practices to develop “Quality ICT Infrastructure” for ICT policy makers, procurement managers, and personnel in charge of ICT infrastructure.