JSO 81004

（ECO ／ An ethics-compliant organization）

We verify whether rules have been established to appropriately store and manage personally identifiable information obtained through business activities, such as names and addresses, and to limit its use to the scope consented to by the individual.

We also verify whether mechanisms are in place to regularly confirm that these rules are being properly followed, and whether these mechanisms are functioning effectively without becoming mere formalities.

Handling of Personal Information

The organization will be evaluated on whether sufficient measures are in place when handling personal information, such as the establishment of rules and procedures for privacy protection based on laws and regulations.

Establishment of Organizational Structure

We evaluate whether policies and procedures concerning privacy protection are understood and adhered to within the organization.

We also assess whether an appropriate management system for privacy protection has been established.

Purpose of Personal Data Collection

We evaluate whether a system is in place to clearly state the purpose of collecting personal information and to obtain prior consent.

We also assess whether a management system is established to prevent the use of collected personal information for purposes other than those specified.

Ensuring Information Security

We evaluate whether access to and modification of personal information are restricted, ensuring information security, and whether measures for preventing and responding to information leaks are appropriately established.