1. Compliance with relevant laws
The university shall comply with relevant laws. These include the Act on the Protection of Personal Information and the guidelines issued by the government on the measures to be taken by educational providers to ensure the appropriate handling of student and other personal information by schools.
Furthermore, with regard to the handling of identification numbers and other specific personal information, the university shall comply with its own general and specific policies on the handling of such information with regard to employment at the university as well as the law on the use of identifying numbers in administrative procedures and the guidelines (for businesses) on the appropriate handling of specific personal information.
2. Collection and use of personal information
When collecting personal information, the purpose of collection shall be made clear and the collection and use of the information shall be limited to that needed to achieve this purpose and done in a manner that is appropriate and equitable.
3. Management of personal information
The university shall strive to maintain the accuracy of the information it holds. Furthermore, the information shall be strictly managed using appropriate measures to prevent its loss, alteration, destruction, falsification, or leaking.
4. Outsourcing of tasks that utilize personal information held by the university
When tasks that utilize personal information held by the university are outsourced, the contract with the outsourcing provider shall include provisions for the strict management of this information to prevent its loss or use for other than the intended purpose.
5. Supply of personal information to third parties
Personal information held by the university shall not be supplied to third parties without the consent in advance of the person concerned, except in cases where the need for consent is waived by law or the supply of information is needed to protect against death, injury, or damage to property.
6. Disclosure, correction, deletion, and complaints about personal information
In the event of a person making a complaint regarding personal information about them that is held by the university, or requesting its disclosure, correction, or deletion, the matter shall be handled appropriately by means of the required procedures subject to verification of the person’s identity.
7. In-house arrangements for dealing with personal information
The university shall strive to protect personal information by appointing a person with overall responsibility for personal information, creating a committee for personal information protection, and establishing an independent arrangement for supervision.