Results of measures against opinions in the field survey report (FY2012/25)

Last updated on July 30, 2024.

The full text of the field survey report can be found on the report list page.

Results of measures against the opinions of the on-site survey report on personal information handling affairs in FY2012 and FY2013

Overview of the field survey
Survey date	1st: January 24, 2013 2nd: July 25, 2013
Survey target	Yokohama City Sports Center (1 building), Yokohama City District Center (1 building), Yokohama City Community Care Plaza (2 building)
Jurisdiction Division	Policy Bureau Co-creation Promotion Section, Regional Promotion Division Health and Welfare Division Ward, Health and Social Welfare Bureau Regional Support Section, Elderly Home Support Section

Implementation (improvement opinion) of detailed certification in city common system
Meaning See	Regarding the "citizen use facility reservation system", which has been operating before the introduction of the designated manager system, each sports center was given only one certification ID. In order to prevent the leakage of personal information, it is necessary to manage the authentication ID separately for each facility manager and staff, so that the log can be confirmed by who is accessing it later.
Measures Results	About "citizen use reservation system", we performed system update in January, 2014 and issued identification and password for authorization every staff using system and made it the situation that we could confirm log. In addition, in the case of departure due to a window or telephone response during the operation of the system, the system is automatically logged out after 30 minutes have passed since the system operation, and you cannot log in without entering the authentication ID and password again. At the same time, the application documents (paper) that were confirmed and accepted at the facility window will be submitted directly by the user to the Citizen Use Facility Reservation System Service Center, and the facility will provide application documents (paper) with personal information. We did not handle or store it.

Confirmation of whereabouts of personal information (improvement opinion)
Opinion	Regarding the information on registration and use applications related to the use of the rental building, measures were taken such as putting it in a locked library, but books with personal information such as business diary and application for reduction of taxes, especially information in independent business The applicant list, etc., seemed to be not sufficiently treated as personal information, such as being kept in a locked library. The management status is likely to vary depending on the facility, but we will grasp which documents contain personal information, promote measures such as storing it in a locked library, and share information on the management status of personal information among staff. I want to try to do it.
Results of the Measures	In facility jurisdiction section of district center, we explain "field investigation report about personal information handling office work" in chief meeting (March, 2014) of all wards in charge of concrete duties, and district center We alert designated manager about the following matter. At the same time, we will inform you that each district center is properly handling personal information at the time of business inspection. 1 Thoroughly and confirm with the staff in the district center to protect and handle personal information properly. 2 Inspect the documents in the district center and check which documents contain personal information. 3 Documents containing personal information must be kept in a locked library.

Introduction of key usage management book (improvement opinion)
Opinion	Regarding the management of stored documents containing personal information outside the office, consideration was given to storing them in a locked library, but it was unclear when and who used the keys. Was. In view of the fact that it is a business that holds a large amount of highly confidential information, we would like to improve it so that contact records with personal information, such as creating and utilizing a usage record book.
Results of the Measures	Based on the importance of keeping a record of contact with highly confidential personal information, it is necessary to create a key use record book for archives of documents containing personal information outside the office to the community care plaza at the beginning of each fiscal year. In addition to the personal information handling check sheet distributed, we will alert you.

Improving the use of copy machines and fax machines (improvement opinion)
Opinion	Copiers and fax machines are usually installed in the office, and many facilities are physically isolated from users. At one facility, the office was small, so a copy and fax machine was placed outside the office. As a countermeasure, it was placed inside the manned reception counter to secure a distance from the user and to arrange personal information for the contents sent by fax so that it could be masked. For facilities that have to be arranged like this, consideration should be given to ensuring safety, such as by devising so that users cannot come into contact with the copy / fax machine.
Results of the Measures	Facilities that have copiers and fax machines installed outside the office or in places where external users can see will alert you to prevent contact with users. Regarding the actual facility environment, we will check the situation on-site in audits from next fiscal year onwards, and devise individual response methods while taking into account physical space.

Common (improvement opinion) of designated manager
(a) Formulation of materials for shelf life of documents
(b) Proper management of personal computers and passwords
(c) Optimizing the management of external hard disks
(d) Improvement of location of personal information

Common (improvement opinion) of designated manager
Opinion	(a) Formulation of materials for shelf life of documents It is necessary to set a storage period for materials containing personal information from the viewpoint of proper management, and to ensure that they are discarded after the expiration date. Depending on the facilities, there were situations where the storage period was set by corporations, but some facilities were not specified. For undeveloped facilities, we would like to share information among staff after maintenance, and improve them so that they do not have unnecessary personal information. (b) Proper management of personal computers and passwords It is necessary for each staff member to properly manage access authentication to systems and personal computers in order to reduce the risk of leakage of personal information. On the other hand, depending on the facility, there were situations where the passwords of the PC inside the facility were all the same, or there were computers that were not locked. In addition, some facilities were unable to confirm the timing and lender of the system password on paper only because the administrator knew it by memory. While it seems that it is necessary for the administrator to know the password so that it can respond to the situation such as staff vacations, lock the personal computer while trying to ensure that only the minimum necessary staff access is provided. I want to improve security for thorough and password management. (c) Optimizing the management of external hard disks At a certain facility, personal information processed by data was stored on an external hard disk, and when used, it was connected to each PC and used. Although it is easy to carry and convenient, there were no anti-theft security wires installed on the hard disk, and there were challenges in safety management. In order to prevent theft, please take security measures so that it cannot be physically taken out. (d) Improvement of location of personal information Overall, consideration was given to the location of personal information, such as putting it in a locked library. On the other hand, there were also situations where files containing personal information such as application receipts were placed on the counter or at a very close distance from the counter. Files containing personal information should be placed in a position that cannot be seen by the user, and consideration should be given to the fact that the staff may leave the seat while responding to the user, so that it should be placed in a position that cannot be reached immediately by the user I want to be careful.
Results of the Measures	In the name of the Director of the Policy Bureau and the Director of the Citizens' Bureau (General Personal Information Protection Manager), to each ward bureau general manager (Personal Information Protection Manager), "Thorough handling of personal information by designated managers (Notification)" Was notified on March 3, 2014, and the items pointed out and evaluated in the field survey were disseminated, and alerts were issued to ensure proper handling. (Policy Bureau Civic Affairs Bureau) Going forward, we will continue to work to raise awareness of personal information protection through training opportunities and other means. The Policy Bureau Co-Creation Promotion Section≫ We carried out enlightenment to designated manager and facility jurisdiction section to raise awareness about personal information in designated manager. 1.Notification In the name of the Director of the Policy Bureau and the Director of the Citizens' Bureau (General Personal Information Protection Manager), to each ward bureau general manager (Personal Information Protection Manager), "Thorough handling of personal information by designated managers (Notification)" (March 3, 2014), disseminated the points pointed out and evaluation items of the field survey, and alerted them to ensure proper handling. 2.Training for designated managers and staff From 2014, we will reflect the opinions of on-site surveys in personal information protection training materials for staff, such as each affiliation training, and disseminate them to promote personal information protection in designated managers. ≪As mentioned above, Civic Affairs Bureau Citizen Information Division≫

Maintenance and inspection of access log records (proposal items)
Opinion	Regarding user information, when using the system, it was certified and managed for each staff member. However, it was unclear whether there was a log record of the output to the printer. As described in 2 (3) F, the information managed by the Community Care Plaza deals with information that is highly confidential for users, and it also has a deterrent effect, so if it is possible for the function of the equipment, Please consider keeping an access log record.
Results of the Measures	Keeping an access log record in addition to the personal information handling check sheet distributed to the community care plaza at the beginning of each fiscal year, alerting prevents highly confidential information from leaking to the outside.

Multiple confirmation of carry-out records (proposal items)
Opinion	At Community Care Plaza, there are many opportunities to take personal information out of the facility, such as visiting user's homes and sending documents by mail. In general, there is a high probability of leakage accidents when taking out personal information, so the risk of accidents is also high. Regarding taking out personal information, efforts were made to reduce the risk by creating a take-out confirmation book and conducting multiple checks. However, in order to further reduce the risk of leakage accidents, it is advisable to provide guidance if it is judged that the necessity of taking out and whether the material is actually taken out to a minimum, and the handling is not appropriate. If it takes a lot of time and effort, the work will be hindered, so please consider measures to reduce risks without impairing efficiency.
Results of the Measures	In order to further reduce the risk of leakage accidents when taking personal information out of the facility, managers, etc. regularly check the collection of personal information to the community care plaza at the beginning of each fiscal year In addition to the personal information handling check sheet, we alert you.

Safe and reliable handover of personal information when the designated manager is changed (proposal items)
Opinion	Regarding the system handling personal information, at the facilities surveyed this time, when the city is introduced and used in common, such as sports centers, and corporations have independently introduced and used such as district centers and community care plazas There was a case. In particular, when introducing or using a unique system, there is an advantage that the designated corporation can use ingenuity to improve services, but personal information data will be leaked when the designated manager is replaced. Please consider reflecting it in the contents of guidelines etc. so that there is no such thing, etc. so that it is not possible to carry out appropriate handover work. In addition, as it was thought that there was a possibility that it could become an issue in the future through this field survey, when the designated manager was changed, the necessity and method of taking over the independently introduced business system It may be necessary to consider for smooth business transition. About this contents, we want to refer to future operation in jurisdiction section as future problem.
Results of the Measures	If the designated manager is changed, ensure that there is no leakage when taking over personal information, and properly discard unnecessary personal information. We reflected in "Yokohama-shi designated manager system operation guidelines" about thorough handover of personal information. In the future, we will thoroughly implement this content to the responsible section and designated manager through opportunities such as training.

Further foster awareness of personal information (proposal opinion)
Opinion	The facilities surveyed this time have a high awareness of personal information protection and would like to evaluate them. On the other hand, some facilities were not very conscious, probably because there were no leaks. It is unavoidable that there will be some differences depending on the importance of confidentiality of the personal information handled, but in view of the situation operated by a wide variety of corporations, training opportunities to prevent leakage of personal information We want to promote approach of personal information protection of designated manager sequentially including enlightenment about point that we pointed out this time by grasping.
Results of the Measures	About personal information handling duties that designated manager performs, it is targeted for application of the regulations about Yokohama-shi personal information protection and must take necessary measures for appropriate management of personal information until now We are raising awareness on opportunities such as training for designated managers. (Policy Bureau) In addition, under the name of the Director-General of the Policy Bureau and the Director-General of the Civil Affairs Bureau (General Manager of the Protection of Personal Information), the General Manager of each ward bureau, etc. (Personal Information Protection Manager) was notified on March 3, 2014, and the items pointed out and evaluated in the field survey were disseminated to ensure proper handling. (Policy Bureau and Civic Affairs Bureau) Going forward, we will continue to raise awareness of the protection of personal information through training opportunities and other means. The Policy Bureau Co-Creation Promotion Section≫ We carried out enlightenment to designated manager and facility jurisdiction section to raise awareness about personal information in designated manager. 1.In the name of the Director of the Notification Policy Bureau and the Director of the Citizens' Bureau (General Personal Information Protection Manager), to each ward bureau general manager (Personal Information Protection Manager), "Thorough handling of personal information by designated managers (Notification) ) "(March 3, 2014), disseminated the points pointed out and evaluation items of the field survey, and alerted them to ensure proper handling. 2.Training for designated managers and staff From 2014, we will reflect the opinions of on-site surveys in personal information protection training materials for staff, such as each affiliation training, and disseminate them to promote personal information protection in designated managers. In addition, in fiscal 2013, instructors were dispatched to multiple personal information protection trainings hosted by designated manager organizations to disseminate the importance of personal information protection in designated management tasks. ≪As mentioned above, Civic Affairs Bureau Citizen Information Division≫

Return to the top of Yokohama City

Inquiries to this page

Civic Affairs Bureau Citizen Information Room Citizen Information Division

Phone: 045-671-3883

Fax: 045-664-7201

E-Mail address [email protected]

List of related pages Open the menu of related page list

Return to the previous page

Page ID: 147-714-070