ASIA PACIFIC | ALL INDUSTRIES
Act on the Protection of Personal Information (Japan)
The Act on the Protection of Personal Information (APPI) is a data protection law administered and enforced by the Personal Information Protection Commission (PPC) in Japan. APPI describes the key obligations that organizations that handle personal identifiable information (PII) have to the individuals whose PII they handle. The guidelines include security measures broken out into four categories; organizational measures, personnel controls, physical security controls, and technical controls.
Google Cloud has produced a whitepaper that examines APPI from the perspective of adopting Google Cloud services. It addresses roles and responsibilities under the shared responsibility model and shows how Google Cloud can provide a secure foundation for workloads that store and process PII. The whitepaper also provides information on how Google Cloud products and services can help customers meet the recommended security measures of the PPC Guidelines.
Related Regulations
Learn more about privacy regulations and guidelines in Japan.
My Number Act
Learn more about the My Number Act The Japanese government issues a unique number to every
resident of Japan. This number is protected by the My
Number Act and as personal identifiable information the
Act for the Protection of Personal Information is also
relevant. The Personal Information Protection Commission
(PPC), which acts as Japan’s data protection authority,
provides guidance on compliance with both of these acts.
The responsibility to protect “My Number” and other
personal identifiable information collected by our
customers lies with our customers. As part of their due
diligence, customers may choose to review the
information provided here and other relevant
information, including our ISO 27001, ISO 27017, and ISO
27018 certifications. These international certifications
relate to practices to protect information in Google
Cloud.