Information Security and Personal Information Protection

Information Security and Personal Information Protection Initiatives

The Yamaha Group is committed to appropriately managing and protecting all of the information assets in its possession or with which it is entrusted. To this end, strict compliance is practiced with regard to relevant information security and personal information-related regulations; the Group IT Policies & Rules, which delineate basic policies and rules pertaining to IT management at the Yamaha Group; the Privacy Policy; and the Group Personal Data Protection Policies & Rules. The advancement of information and communications technology is increasing the risk of information leakage and damage. Nevertheless, the Group is committed to combating potential risks and ensuring the utmost levels of information security and personal information protection.

Promotion System

The Yamaha Group perceives information security and personal information protection as a critical aspect of risk management and has established the Working Group for Information Security, which is chaired by an operating officer, under the Risk Management Committee, an advisory body to the president. In accordance with the Group IT Policies & Rules and the Group Personal Data Protection Policies & Rules, the status of compliance with information asset and personal information protection regulations is monitored, reports on incidents are compiled, and potential work improvement measures are examined. In addition, the Group appoints individuals responsible for supervising information security and the handling of personal information on a Groupwide basis, and individuals responsible for managing these tasks are named on a by-division basis. The Group has also established a system to respond quickly during incidents such as information leaks.

Training and Education

The Group IT Policies & Rules call for the provision of safe and secure IT platforms and stipulate that users of said platforms should be educated to ensure the safe and efficient use of IT.

We are strengthening efforts to enhance and round out employee awareness through training and education for, and audits of, divisions handling information assets and personal information. We also provide information security training for standard employees that covers topics such as information asset protection and information leak prevention.

In 2020, we launched an information security e-learning program, which is now provided to all Yamaha Group employees worldwide. This program is regularly implemented to provide knowledge on information security threats, most notably email scams and virus attacks, and on how to respond to these threats.

In February 2023, a response drill simulating an attack via targeted emails was held for approximately 8,000 officers and employees at domestic Yamaha Group companies. Targeted emails are a form of cyberattack in which a specific organization is targeted with emails designed to extract confidential information, intellectual property, or account or other information. In the drill, simulated targeted emails were sent to employees without prior warning. Afterward, the opportunity was used to reflect on how each individual responded and to learn about the proper methods for responding to suspicious emails or emails from unknown senders.

In addition, follow-up e-learning programs on the protection of personal information were arranged for individuals involved in the handling of such information in order to entrench management and usage practices that are compliant with the revision to the Act on the Protection of Personal Information instituted in April 2022.

Approach Toward Information Security and Personal Information Protection

Personal Information Customer Service Organization and Responses

Based on the relevant laws and regulations, the Yamaha Group has set up a service organization regarding the personal information collected from its customers. The Group will respond to requests from customers or their proxies to disclose, change, delete, or stop usage of customer personal data held by the Group.

Customer Information Management Initiatives

In practice, the Yamaha Group manages personal information with due consideration for information security, based on the Group IT Management Standards, which detail policies regarding IT management of personal information. Personal information is stored in a system with an auto-encryption feature. In the unlikely case of an information leak, the system is structured so that only authorized personnel can view or use the personal information for an added degree of security. There were no major incidents concerning the management of personal information in fiscal 2023.