Default banner

Japan’s My Number Data Security Compliance

Thales can help organizations comply with data security regulations governing storage and use of Japan’s My Number data

Japan My Number Compliance


Thales can help organizations comply with data security regulations governing storage and use of Japan’s My Number data. These compliance regulations include prevention of data leakage, loss or damage; supervision of employees handling the data; and supervision of third parties entrusted with the data.


  • Regulation
  • Compliance

Regulation Summary

The data security requirements for businesses handling data associated with an individual’s Japanese “My Number” are governed primarily by Japan’s “Personal Information Protection Act (PIPA).”

These include:

  • Taking necessary and proper measures for the prevention of leakage, loss, or damage, and for other security control of personal data
  • Exercising necessary and appropriate supervision over the employees handling the data to ensure the security control of the personal data
  • Exercising necessary and appropriate supervision over any persons of organizations entrusted with the data to ensure the security control of the entrusted personal data

Vormetric Transparent Encryption

The gold standard for preventing leakage or loss of data is transparent encryption with integrated key management. Thales adds data access controls and security intelligence to create a robust data security solution to help organizations collecting and using My Data information meet PIPA regulations.

Encryption and Key Management is critical to safeguarding data, because it ensures that if the data is breached it will be meaningless and worthless to those who retrieve it. Encryption key management’s role is essential, because if the cybercriminal has the keys, he or she has access to data in the clear. So best practice is for the organization that owns the data to maintain control of the keys. For example, if the data owner uses a cloud service provider, the data owner should retain within its own organization control of the keys. Best practice is also for the data-owning organization to encrypt the data before sending it to the cloud.

Vormetric’s Transparent Encryption with Integrated Key Management from Thales provides strong, centrally managed, file, volume and application encryption combined with simple, centralized key management that is transparent to processes, applications and users.

Vormetric Tokenization with Dynamic Masking

The Vormetric Token Server (VTS) from Thales is a VM download that can be deployed as a virtual appliance. It provides application-layer tokenization that uses APIs to allow communication between the application and the tokenization server. An example use case could be for protecting a credit card or driver's license number in an application running on a Web server. When the sensitive data is entered, the app will send the number to the tokenization server via a REST API. The token server creates a 'token' that replaces the original data, which is then encrypted and placed in a token vault to provide an additional layer of security. The token is then returned to the app server in place of the original credit card number or driver's license. VTS also includes dynamic data masking, which can tie in with AD or LDAP directories and serve data as clear text or partial clear text based on the user's role.

Security Intelligence

Security Intelligence is essential to knowing if the system is working and is, again, an expected best practice.

Vormetric’s Security Intelligence offering provides logs that capture access attempts to protected data, providing high value security intelligence information that can be used with a Security Information and Event Management (SIEM) solution and for threat identification and data security compliance reporting.

Other key data protection and security regulations


Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.


Active Now

Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws

Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.