Japan: Issued Administrative Response and Recommendations in Investigation into NTT Marketing Act ProCX and NTT Business Solutions Corporation regarding a data leakage

On 24 January 2024, the Personal Information Protection Committee (PIPC) issued recommendations after investigating NTT Marketing Act ProCX and NTT Business Solutions Corporation (ProCX) for a data leak under the Personal Information Protection Law. ProCX, handling call centre services, experienced a data leak involving 9.28 million individuals due to an employee at NTT Business Solutions Corporation (BS). Both companies conducted an investigation, but it was deemed insufficient by the PIPC. ProCX and BS haven't clarified reasons for the inadequate investigation and have organizational shortcomings in understanding personal data handling. Recommendations, as per Article 148, paragraph 1, require the adoption of measures to correct the violation. Both companies must submit relevant materials by 29 February 2024 and confirm their implementation to prevent recurrence.