Japan: Issued administrative response in PIPC investigation into NTT Marketing Act ProCX and NTT Business Solutions over data breach

On 11 September 2024, the Personal Information Protection Commission of Japan issued an administrative response in the investigation concerning NTT Marketing Act ProCX and NTT Business Solutions for a data leak under the Personal Information Protection Law. The response concerns a data breach at NTT Marketing Act ProCX, where the personal data of 9.28 million customers was misappropriated between 2013 and 2023 by an ex-employee of NTT Business Solutions. The Commission identified deficiencies in organisational safety management, requiring ProCX to report in February and March 2024 on corrective actions taken to prevent future breaches and clarify investigation inaccuracies. The response highlighted that corrective actions, including employee training, audits, and enhanced data security, have since been implemented, with list brokers now under a one-year compliance monitoring regime.