
1 Introduction

Residents in Japan were notified about the “My Number” system in October 2015. Personal information that includes the My Number is called “Specific personal information.”

Implementation of the “Specific Personal Information Protection Assessment,” which we also refer to as the “Protection Assessment,” has been required of the relevant municipal offices that keep such personal information [1].

Protection assessment is done to prevent infringement of the privacy of personal information, to ensure trust, and to protect the rights of citizens and residents. After protection assessment, each municipality must conduct its risk assessment.

The results of the protection assessment are published as an “Assessment report.” However, it has been pointed out that the protection assessment may not have been properly implemented [2].

In this paper, we analyzed the reports published by municipalities from the following perspectives: (1) Adequacy of risk items; (2) Re-use of the Assessment report; and (3) Classification of the Assessment model [3].

2 Overview and Issues of Specific Personal Information Protection Assessment

Protection assessment is classified into three types of evaluation by the threshold decision: basic items assessment, priority items assessment, and all items assessment. The threshold decision is affected by the number of target people, the number of transactors, and the occurrence or non-occurrence of major accidents involving specific personal information.

Cases subject to the all items assessment handle more specific personal information than cases under the other assessment types. Also, since a large number of persons handle the information, there is a high risk of leakage of specific personal information and of other accidents. Therefore, the all items assessment report (hereafter referred to as the “Assessment Report”) needs to evaluate concrete risk measures in more detail. In this paper, the assessment reports were analyzed with respect to three aspects of the assessment report that have been pointed out by the persons concerned.

  • Adequacy of the Risk Item

    The protection assessment carried out by a municipality consists of describing the risk measure taken for each risk item listed in advance on the evaluation document. However, the risk items are not uniform, and the standards used by municipalities when considering a risk measure are not specified in detail. Therefore, the selection of risk items and the methods and level of the measures are likely to differ between municipalities.

  • Re-use of the Assessment Report

    Because the contents of office work are defined by law, they do not differ greatly between municipalities, apart from partial exceptions. It is therefore also conceivable that the contents of an assessment report evaluated previously in the same municipality are reused.

  • Classification of the Assessment Model

    In office work that handles specific personal information, information can be linked via the providing information network system. Therefore, the scope of a municipality's protection assessment is required to include the cooperation foundation, such as the intermediate server for the relevant office work and the providing information network system.

3 Analysis of Issues

3.1 Adequacy of Risk Items

In the protection assessment, the assessment depends on the municipality because there is no procedure manual for risk evaluation. Proper implementation of risk evaluation may be difficult because the person who estimates the risk is not a specialist, as our investigation of actual conditions also found. We target the all items assessment report for analysis because it applies risk analysis to all risk issues comprehensively. The analysis drew on the 221 assessment reports published by the specific personal information protection committee (as of June 10, 2015). To compare the same office work, the analysis targets the assessment reports for the “Office works concerning the Basic Resident Register.” Nine cases were analyzed, which corresponds to about 10 % of the assessment reports for the target office work that had been published at that time (80 cases).

We compare the assessment standard that we created with the assessment reports of the municipalities under analysis [4]. The result of the comparison is indexed according to Table 1 to confirm the excess or deficiency for each corresponding risk item.

Table 1. The category of assessment of the risk response.

Table 2 shows the distribution of the assessment index for the response to system risk in the municipalities and the average value over all items. The assessment index is 1 point when the risk response indicated by the assessment standard is not mentioned at all.

Table 2. The situation of corresponding to the risk (System).

When the average value of the assessment index over all 49 items is close to 1 point, the municipality is likely not to have applied an appropriate assessment.

Table 3 shows the distribution of the assessment index of the response to the management risk in municipalities and average values of the all item assessment.

Table 3. The situation of corresponding to the risk (Management).

3.2 Re-Use of the Assessment Report

The analysis target is the personal confirmation information file in an assessment report. The number of characters that match in the corresponding descriptions of the assessment reports is counted, and its ratio is calculated [5]. The indexing is based on Table 4.

Table 4. Concordance assessment index.
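One way to compute such a character-match ratio, as an added example that is not the authors' tool or the method of [5]: matching is assumed to mean in-order shared runs of at least `MIN_RUN` characters, found with Python's `difflib`. The sample entries are constructed, and no mapping to the Table 4 index is made because its thresholds are not given here.

```python
from difflib import SequenceMatcher

# Assumption (not from the paper): a shared run shorter than MIN_RUN characters
# is treated as coincidental overlap and is not counted as matching text.
MIN_RUN = 8


def matched_chars(report: str, reference: str, min_run: int = MIN_RUN) -> int:
    """Count characters of `report` lying in in-order runs shared with `reference`."""
    # autojunk=False: keep frequent characters, which matters for long reports.
    sm = SequenceMatcher(None, report, reference, autojunk=False)
    return sum(b.size for b in sm.get_matching_blocks() if b.size >= min_run)


def concordance_ratio(report: str, reference: str, min_run: int = MIN_RUN) -> float:
    """Matched characters divided by the length of `report` (0.0 for empty input)."""
    if not report:
        return 0.0
    return matched_chars(report, reference, min_run) / len(report)


# Constructed sample entries for one risk item (not taken from any real report).
REFERENCE = "Access to the file is restricted to authorised staff by ID and password."
COPIED = REFERENCE                            # entry reused verbatim
LIGHTLY_EDITED = "In City X, " + REFERENCE    # entry reused with a local prefix
INDEPENDENT = "Logs are reviewed monthly."    # entry written independently

if __name__ == "__main__":
    for name, text in [("copied", COPIED),
                       ("lightly edited", LIGHTLY_EDITED),
                       ("independent", INDEPENDENT)]:
        print(f"{name:15s} {concordance_ratio(text, REFERENCE):.2f}")
```

Because Python strings are sequences of Unicode code points, the same count works on Japanese report text without tokenisation.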

3.3 Classification of the Assessment Model

In the municipality, the My Number system promotes task collaboration with other government agencies through information cooperation. Information cooperation is performed by the intermediate server and the providing information network system that are to be established. The intermediate server performs information cooperation and dissemination of information in the network system. The scope of the specific personal information protection assessment is expressed in four models, as illustrated in Fig. 1. The bold line frame in Fig. 1 illustrates the extent of the assessment, and the dotted box refers to an original specific personal information file and a duplicate DB. Table 5 shows the model classification of the assessment reports of the municipalities.

Fig. 1. Assessment Model

Table 5. The model classification of the assessment report.
  • Model A: The model that assesses relevant office work.

  • Model B: The model that assesses relevant office work from the intermediate server.

  • Model C: The model that assesses the relevant office work including the intermediate server and the providing information network system.

  • Model D: The model that assesses the intermediate server and the providing information network system separately from the relevant office work.

Office systems are often packaged products, and it is difficult for municipality officials to become familiar with the technical specifications, particularly the detailed specifications of the intermediate server and the providing information network system. In addition, because the risks in the system and in its operation differ in their causes and, fundamentally, in their measures, these risks should be assessed in isolation.

4 Conclusion

We analyzed the implementation of the risk assessment using published assessment reports as the target, because it was pointed out that assessments may not have been adequately implemented. As a result, we found descriptions of risk measures for the system. However, in many assessment reports, descriptions such as those for system management are missing. Furthermore, although the municipality is assumed to identify the targets of evaluation through its office work, it was revealed that when it actually lacks knowledge of the system, the systems and files that are assessment targets may be overlooked.