Ritsumeikan Trust Personal Information Protection Regulations

 This English document is a reference translation of the Japanese version of Ritsumeikan Trust Personal Information Protection Regulations (Gakkō Hōjin Ritsumeikan Kojin Johō Hogo Kitei). The official text of the Regulations is the Japanese version. If there are any contradictions between the Japanese version and this reference translation, the former shall prevail.

April 13, 2005 Rule No. 637

Article 1: Purpose
The purpose of these Regulations is to protect individual rights and interests while taking consideration of the usefulness of personal information by setting down necessary matters regarding personal information handled by the Ritsumeikan Trust (hereinafter called "Trust") and schools established by the Trust.

Article 2: Definitions
The following terms as used herein have the following meanings, respectively:
(1) Personal Information
(i) Information about a living individual containing a name, date of birth, or other descriptions etc. (meaning any and all matters (excluding an individual identification code) stated, recorded or otherwise expressed using voice, movement or other methods in a document, drawing or electromagnetic record (meaning a record kept in an electromagnetic form (meaning an electronic, magnetic or other form that cannot be recognized by human senses)); the same shall apply in Article 9-3, Paragraph 2); hereinafter the same) whereby a specific individual can be identified (including details which can be readily collated with other information and thereby identify a specific individual).
(ii) Information containing an individual identification code.
(2) Individual Identification Code
Codes prescribed in Article 1 of the Cabinet Order to Enforce the Act on the Protection of Personal Information (hereinafter called “Cabinet Order”) which are any character, letter, number, symbol or other codes falling under any of each of the following items:
(i) Codes able to identify a specific individual that are a character, letter, number, symbol or other codes into which a bodily partial feature of the specific individual has been converted in order to be provided for use by computers
(ii) Character, letter, number, symbol or other codes which are assigned in regard to the use of services provided to an individual or to the purchase of goods sold to an individual, or which are stated or electromagnetically recorded in a card or other document issued to an individual so as to be able to identify a specific user or purchaser, or recipient of issuance by having made the codes differently assigned or, stated or recoded for the user or purchaser, or recipient of issuance
(3) Special Care-Required Personal Information
Personal Information comprising a principal's race, creed, social status, medical history, criminal record, fact of having suffered damage by a crime, or other descriptions etc. prescribed by Article 2 of the Cabinet Order as those for which handling requires special care so as not to cause unfair discrimination, prejudice or other disadvantages to the principal
(4) Personal Information Database, etc.
Databases set forth in the following which are a collective body of information comprising personal information (excluding those prescribed by Article 3, Paragraph 1 of the Cabinet Order as having little possibility of harming an individual's rights considering their utilization method).
(i) Databases systematically organized so as to be able to search for particular Personal Information using a computer
(ii) Besides databases set forth in the preceding item, databases prescribed by Article 3, Paragraph 2 of the Cabinet Order as having been systematically organized so as to be able to easily search for particular Personal Information
(5) Personal Data
Personal information constituting Personal Information Database, etc.
(6) Retained Personal Data
Personal Data which the Trust has the authority to disclose, correct, add or delete the contents of, cease the utilization of, erase, and cease the third-party provision of, and which shall be neither data prescribed by Article 4 of the Cabinet Order as likely to harm the public or other interests if their presence or absence is made known nor data set to be deleted within six months acquisition.
(7) Principal
A specific individual identifiable by Personal Information.
(8) Students, etc.
Pupils and students enrolled at a school established by the Trust at present or in the past.
(9) Faculty and Staff, etc.
Officers of the Trust and persons employed by the Trust at present or in the past, and Students and temporary workers, etc. engaged in Business under the directions of faculty and staff.
(10) Business
The education and research activities of the Trust and the Business as set forth in Articles 4, 5 and 6 of the Detailed Regulations on the Enforcement of the Bylaws of the Ritsumeikan Trust.
(11) Divisions/Offices
Organizations such as Divisions and Offices as set forth in the Bylaws of the Ritsumeikan Trust and the Detailed Regulations on the Enforcement of the Bylaws of the Ritsumeikan Trust.

Article 3: Responsibilities
1. The Trust must recognize the importance of Personal Information of Students, etc. and Faculty and Staff, etc., and take necessary measures for proper handling of Personal Information based on the recognition that it should be handled cautiously under the principle of respecting the personalities of individuals.
2. In case of obtaining and using Personal Information or providing the same for a third party, Faculty and Staff, etc. must comply with these Regulations.
3. Faculty and Staff, etc. must not leak Personal Information obtained through the Business to others for any other purpose than the Business.
4. Faculty and Staff, etc. must not use Personal Information Database, etc. improperly.

Article 4: Establishment of Personal Information Protection Committee
1. To attain the purpose of these Regulations, the Ritsumeikan Trust Personal Information Protection Committee (hereinafter called "Committee") will be established under the Executive Board of Trustees.
2. The Committee must report to the Executive Board of Trustees promptly its decisions regarding the matters set forth in Paragraph 1, Article 5.
3. Matters regarding the operation of the Committee will be determined by the Committee.
4. The Office of General Affairs within the Division of General Affairs will administer the running of the Committee.

Article 5: Authority of Committee
1. The functions of the Committee will be as follows:
(1) Deliberation and decision of important matters regarding protection of Personal Information;
(2) Establishment, revision, and abolition of detailed regulations required for the enforcement of these Regulations;
(3) To grasp the situation surrounding the handling of Personal Information handled by the Trust and the schools established by the Trust; and
(4) Any other matters deemed necessary by the Committee.
2. In case a school established by the Trust establishes a committee related to the protection of Personal Information (hereinafter called "Committee of Each School"), the authority held by the Ritsumeikan Trust Personal Information Protection Committee regarding the handling of the Personal Information on the Students, etc. and Faculty and Staff, etc. of the relevant school may be delegated to the Committee of Each School.

Article 6: Constitution of Committee
1. The Committee shall be composed of the following members:
(1) Chair: Personal Information General Administrator
(2) Committee member:
Personal Information School Administrator
Dean, Division of Academic Affairs, Ritsumeikan University
Dean, Division of Academic Affairs, Ritsumeikan Asia Pacific University
Dean, Division of Student Affairs, Ritsumeikan University
Dean, Division of Student Affairs, Ritsumeikan Asia Pacific University
Dean, Division of Integrated Primary and Secondary Education, Ritsumeikan University
Executive Director, Office of Legal Compliance
Managing Director, Division of Human Resources
Managing Director, Division of Academic Affairs, Ritsumeikan University
Managing Director, Division of Information Technology Services
Several other persons appointed by the Chair
2. The Committee may, when deemed necessary, cause persons other than the Committee members to attend a meeting to ask for their opinions.

Article 7-1: Establishment of Personal Information Administrators
To attain the purpose of these Regulations, the following Personal Information Administrators will be established:
(1) Personal Information General Administrator
(2) Personal Information School Administrator
(3) Personal Information Handling Administrator

Article 7-2: Personal Information General Administrator
1. The Personal Information General Administrator will be assumed by the Executive Trustee for General Affairs.
2. The Personal Information General Administrator will have authority and responsibilities for the protection of Personal Information of the Trust and supervise any and all Business regarding the protection of Personal Information at the Trust.
3. The Personal Information General Administrator may appoint a Deputy Personal Information General Administrator to assist with the Personal Information General Administrator’s duties and to act on behalf of the Personal Information General Administrator when the Personal Information General Administrator is absent.

Article 7-3 (deleted)

Article 7-4: Personal Information School Administrator
1. The Personal Information School Administrator of the Trust and Ritsumeikan University will be assumed by the Managing Director, Division of General Affairs; while that of Ritsumeikan Asia Pacific University will be assumed by the Director-General, Ritsumeikan Asia Pacific University; and that of an affiliated school will be assumed by the principal of that school.
2. A Personal Information School Administrator will administer the following Business:
(1) necessary measures to prevent Personal Information leaks, loss, or damage and other Personal Information security control actions;
(2) education and training for Faculty and Staff, etc. that handle Personal Data; and
(3) appropriate treatment of requests to disclose or correct, etc. Retained Personal Data.
3. A Personal Information School Administrator may appoint a Deputy Personal Information School Administrator to assist with the Personal Information School Administrator’s duties and to act on behalf of the Personal Information School Administrator when the Personal Information School Administrator is absent.

Article 7-5 (deleted)

Article 7-6: Personal Information Handling Administrator
1. The Personal Information Handling Administrator will be assumed by the respective Administrative Manager.
2. The Personal Information Handling Administrator will establish the procedures regarding the Personal Information in the Business under its charge, make such procedures well known to its Faculty and Staff, etc., and give directions and make confirmation regarding the proper handling of Personal Information.

Article 7-7: Control of Personal Information in Class Management, etc. of Universities and Affiliated Schools
Notwithstanding the provisions of the preceding Article, in case it is required for materials, reports, papers, and theses related to class management and the execution of any other education activities in universities and affiliated schools, the person in charge of each class will be deemed to be the administrator of the Personal Information retained by such teacher. In such case, the relevant teacher must handle the Personal Information appropriately in accordance with the prescribed control method, etc. for Personal Information.

Article 7-8: Specifying a Purpose of Use
1. The Trust must, in handling Personal Information, specify the purpose of utilizing the Personal Information (hereafter “Purpose of Use”) as explicitly as possible.
2. The Trust shall, in case of altering a Purpose of Use, not do so beyond the scope recognized as being reasonably relevant to the pre-altered Purpose of Use.

Article 7-9: Restrictions Due to a Purpose of Use
1. The Trust shall not handle Personal Information without obtaining in advance a Principal's consent beyond the necessary scope to achieve a Purpose of Use specified pursuant to the provisions under the preceding Article.
2. The Trust shall, in case of having acquired Personal Information accompanied with succeeding a business from another personal information handling business operator because of a merger or other reason, not handle the Personal Information without obtaining in advance a Principal's consent beyond the necessary scope to achieve the pre-succession Purpose of Use of the said Personal Information.
3. The provisions under the preceding two paragraphs shall not apply to those cases set forth in the following:
(1) cases based on laws and regulations;
(2) cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a Principal's consent;
(3) cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a Principal's consent;
(4) cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a Principal's consent would interfere with the performance of the affairs.
4. The Personal Information acquired for the purpose of conducting an entrance examination or a faculty recruitment assessment at a school established by the Trust will be handled within the scope of use for such purpose or for use in investigations or statistics, etc.

Article 8: Proper Acquisition
1. The Trust shall not acquire Personal Information by deceit or other improper means.
2. The Trust shall, except in those cases set forth in the following, not acquire Special Care-Required Personal Information without obtaining in advance a Principal's consent:
(1) cases based on laws and regulations;
(2) cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a Principal's consent;
(3) cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a Principal's consent;
(4) cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a Principal's consent would interfere with the performance of the affairs;
(5) cases in which the Special Care-Required Personal Information is being open to the public by a Principal, a government organization, a local government, or a foreign government, etc.;
(6) other cases prescribed by Article 7 of the Cabinet Order as equivalent to those cases set forth in each preceding item.

Article 9-1 (deleted)

Article 9-2 (deleted)

Article 9-3: Notification of Purpose of Use when Acquiring
1. The Trust must, in case of having acquired Personal Information except in cases where a Purpose of Use has been disclosed in advance to the public, promptly inform a Principal of, or disclose to the public, the Purpose of Use.
2. The Trust must, notwithstanding the provisions under the preceding Paragraph, in cases where it acquires, accompanied by concluding an agreement with a Principal, the Principal's Personal Information stated in a written agreement or other document (including an electromagnetic record; hereinafter the same in this paragraph) or other similar cases where it acquires, directly from a Principal, his or her Personal Information stated in a written document, state a Purpose of Use explicitly to the Principal; provided, however that this shall not apply in cases where there is an urgent need to protect a human life, body or fortune.
3. The Trust must, in case of altering a Purpose of Use, inform a Principal of, or disclose to the public, a post-altered Purpose of Use.
4. The provisions under the preceding three paragraphs shall not apply to those cases set forth in the following:
(1) cases in which there is a possibility that informing a Principal of, or disclosing to the public, a Purpose of Use would harm a Principal or third party's life, body, fortune or other rights and interests;
(2) cases in which there is a possibility that informing a Principal of, or disclosing to the public, a Purpose of Use would harm the rights or legitimate interests of the Trust;
(3) cases in which there is a need to cooperate in regard to a central government organization or a local government performing affairs prescribed by laws and regulations, and when there is a possibility that informing a Principal of, or disclosing to the public, a Purpose of Use would interfere with the performance of the affairs;
(4) cases in which it can be recognized, judging from the acquisitional circumstances, that a Purpose of Use is clear.

Article 9-4: Proper Control of Personal Data
The Personal Information School Administrator must take appropriate measures for ensuring the security and accuracy of Personal Data regarding the following matters:
(1) to prevent falsification, leak, or loss of, or damage to Personal Data;
(2) to keep Personal Data accurate and updated within the scope required to attain the purpose of use;
(3) to establish means to check the status of handling of Personal Data; and
(4) to destroy or delete information promptly which does not need to be maintained any longer.

Article 9-5: Restricted Taking Out and Copying of Personal Information
1. Faculty and Staff, etc. shall not take out Personal Information from schools; provided, however, that this shall not apply in the following cases:
(1) cases where the Personal Information Handling Administrator gives permission;
(2) cases where the Business using Personal Information is outsourced to an external contractor having agreed on matters required for the protection of Personal Information;
2. In the case of item (1) of the preceding Paragraph, the persons handling Personal Information must take measures necessary and sufficient to prevent external leaks of such information.
3. Faculty and Staff, etc. shall not copying Personal Information without the permission of the Personal Information Handling Administrator.

Article 9-6: Measures When Leaks, etc. Occur
1. Faculty and Staff, etc. must, when Personal Information is leaked, lost, damaged or falsified (hereinafter called “Leaks, etc.”) or when such a situation is suspected, inform the relevant Personal Information School Administrator promptly of such fact.
2. The Personal Information School Administrator must, when there are reports that Leaks, etc. have occurred or are suspected of having occurred, promptly investigate the facts and report the facts to the Personal Information General Administrator.
3. The Personal Information General Administrator who receives the report provided for in the preceding Paragraph must promptly take necessary measures and report the details of the measures to the Committee.

Article 9-7: Supervision over a Contractor
1. The Personal Information Handling Administrator must, in case of outsourcing the whole or any part of the Business of processing Personal Data, exercise necessary and appropriate supervision over the outsourcee to ensure the security of the outsourced Personal Data.
2. The Personal Information Handling Administrator must, in concluding an outsourcing agreement with the outsourcee, set forth in the agreement matters stated each of the following items:
(1) matters concerning the confidentiality of Personal Data;
(2) matters concerning the prohibition of the utilization of Personal Data other than for the intended purpose and provision to a third party;
(3) matters concerning the prohibition of re-outsourcing and confidentiality, etc. of Personal Information when re-outsourcing;
(4) matters concerning the prohibition of Personal Data processing, use, copying, and reproducing in excess of the extent absolutely essential;
(5) matters concerning the return and destruction of Personal Data after the completion of outsourcing agreements;
(6) matters concerning the supervision and training of employees;
(7) matters concerning the duty to report when accidents occur; and
(8) matters concerning the duty to compensate.
3. The Personal Information Handling Administrator shall inform the Personal Information School Administrator as appropriate of an outline of agreements concluded.

Article 10: Restricted Third Party Provision
1. The Trust shall, except in those cases set forth in the following, not provide Personal Data to a third party without obtaining a Principal's consent in advance.
(1) cases based on laws and regulations;
(2) cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a Principal's consent;
(3) cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a Principal's consent;
(4) cases in which there is a need to cooperate with a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a Principal's consent would interfere with the performance of the affairs.
2. In those cases set forth in the following, a person receiving provision of Personal Data shall not fall under a third party in regard to applying the provisions of the preceding Paragraph:
(1) cases in which Personal Data is provided accompanied by the Trust entrusting the whole or any part of the handling of the Personal Data within the necessary scope to achieve a Purpose of Use;
(2) cases in which Personal Data is provided accompanied with business succession caused by a merger or other reason;
(3) cases in which Personal Data to be jointly utilized by a specified person is provided to the specified person, and when a Principal has in advance been informed or a state has been in place where a Principal can easily know to that effect as well as of the categories of the jointly utilized Personal Data, the scope of a jointly utilizing person, the Purpose of Use for the utilizing person and the name or appellation of a person responsible for controlling the Personal Data.
3. The Trust must, when providing Personal Data to a third party, conclude an agreement with the third party in consideration of the following matters:
(1) that employees of the recipient of such data must not leak or make unauthorized use of Personal Information obtained through the handling of the relevant Personal Information;
(2) that a prior written approval of the Personal Information School Administrator must be obtained when the relevant Personal Data is re-provided;
(3) that the retention period, etc. at the recipient must be clearly established;
(4) that the Personal Data must be returned or destroyed or deleted by the recipient appropriately and securely after the purpose of use is attained; and
(5) that the recipient must be prohibited from copying or duplicating Personal Data (excluding making backups necessary for a security reason).
4. The Personal Information Handling Administrator must, when Personal Data is jointly utilized by a specified person, obtain approval from the Personal Information General Administrator in advance.

Article 11-1 (deleted)

Article 11-2: Restriction on Provision to a Third Party in a Foreign Country
The Trust, except in those cases set forth in each item of the Article 10, Paragraph 1, must, in case of providing Personal Data to a third party (excluding a person establishing a system conforming to standards prescribed by rules of the Personal Information Protection Commission as necessary for continuously taking action equivalent to the one that a personal information handling business operator shall take pursuant to the Act on the Protection of Personal Information concerning the handling of personal data; hereinafter the same in this Article) in a foreign country (excluding countries prescribed by rules of the Personal Information Protection Commission as a foreign country establishing a personal information protection system recognized to have equivalent standards to that in Japan in regard to the protection of an individual's rights and interests; hereinafter the same in this Article), obtain a Principal's consent in advance to the effect that he or she approves the provision to a third party in a foreign country. In this case, the provisions of the same Article shall not apply.

Article 11-3: Keeping Records of Third-Party Provision
1. The Personal Information Handling Administrator must, when having provided Personal Data to a third party, excluding a person set forth in each of the following items, (hereinafter the same in this Article and the next Article), keep a record of the date of the Personal Data provision, the name or appellation of the third party, and other necessary matters; provided, however, that this shall not apply in cases where Personal Data provision falls under any of each item of Article 10, Paragraph 1 or any of each item of Article 10, Paragraph 2.
(1) a central government organization;
(2) a local government;
(3) an incorporated administrative agency, etc.; and
(4) a local incorporated administrative agency.
2. The Personal Information Handling Administrator must, in principle, keep the record under the preceding Paragraph for three years from the date it created the record.

Article 11-4: Confirmation etc. when Receiving a Third Party Provision
1. The Personal Information Handling Administrator must, when receiving the provision of Personal Data from a third party, confirm those matters set forth in the following; provided, however, that this shall not apply in cases where Personal Data provision falls under any of each item of Article 10, Paragraph 1 or any of each item of Article 10, Paragraph 2.
(1) the name or appellation and address of the third party and, for a corporate body, the name of its representative (for a non-corporate body that has appointed a representative or administrator, the representative or administrator);
(2) circumstances under which the Personal Data was acquired by the third party.
2. The Personal Information Handling Administrator must, when having confirmed pursuant to the provisions of the preceding Paragraph, prepare and keep a record of the date on which it received the provision of Personal Data, matters concerning the confirmation, and other necessary records.
3. The Personal Information Handling Administrator must keep the records under the preceding Paragraph for three years from the date it created the record.

Article 12 (deleted)

Article 13-1 (deleted)

Article 13-2: Public Disclosure etc. on Matters relating to Retained Personal Data
1. A Personal Information School Administrator must, concerning its Retained Personal Data, put those matters set forth in the following into a state where a Principal can know (including those cases in which it, at the request of a Principal, responds without delay):
(1) the Purpose of Use of Retained Personal Data (excluding those cases falling under item (1) to item (3) of Article 9-3, Paragraph 4);
(2) the procedures for responding to a request pursuant to the provisions of Paragraph 3 of this Article or a demand pursuant to the provisions of Article 14-1, Paragraph 1, Article 14-2, Paragrap 1, Article 14-3, Paragraph 1 or Article 14-3, Paragraph 3 (including, when the amount of a fee has been decided, the amount of the fee); and
(3) the division that accepts complaints and consultations relating to the handling of Retained Personal Data.
2. Disclosure shall be by putting up or distributing printed matter or posting on the Trust’s website.
3. A Personal Information School Administrator must, when requested by Students, etc. or Faculty and Staff, etc. to get informed of a Purpose of Use of Retained Personal Data that can identify the Principal, inform the Principal thereof without delay; provided, however, that shall not apply in those cases falling under any of each following item:
(1) cases in which the Purpose of Use of Retained Personal Data that can identify the Principal is clear pursuant to the provisions of Paragraph 1;
(2) cases falling under item (1) to item (3) of Article 9-3, Paragraph 4.
4. A Personal Information School Administrator must, when having been requested based on the provisions of the preceding Paragraph but decided not to inform a Principal of the Purpose of Use of Retained Personal Data, inform the Principal to that effect without delay.

Article 14-1: Disclosure
1. Students, etc. and Faculty and Staff, etc. may demand of a Personal Information School Administrator for Retained Personal Data that can identify the Principal the disclosing of such Retained Personal Data.
2. A Personal Information School Administrator must, when having received a demand pursuant to the provisions of the preceding Paragraph, disclose Retained Personal Data without delay; provided, however, that in the cases falling under any of the following items, the whole or any part of the Retained Personal Data may not be disclosed:
(1) cases in which there is a possibility of harming a Principal or third party's life, body, fortune or other rights and interests;
(2) cases in which there is a possibility of interfering seriously with the Trust implementing its Business properly; and
(3) cases of violating other laws or regulations.
3. The disclosure of Retained Personal Data shall be made by issuing a written document; provided, however, that such method shall be used when a method has been agreed with the disclosure requestor.
4. A Personal Information School Administrator must, when having decided not to disclose the whole or any part of Retained Personal Data in connection with a demand pursuant to the provisions of Paragraph 1 or when the Retained Personal Data does not exist, inform a Principal to that effect without delay.
5. In cases where the whole or any part of Retained Personal Data that can identify a Principal is to be disclosed to the Principal pursuant to the provisions of other laws or regulations using a method equivalent to that prescribed in the main clause of Paragraph 2, the provisions of Paragraph 1 and Paragraph 2 shall not apply in regard to the said whole or any part of the Retained Personal Data.

Article 14-2: Correction, etc.
1. Students, etc. and Faculty and Staff, etc. may, when the contents of Retained Personal Data that can identify the Principal are not factual, demand of a Personal Information School Administrator for such Retained Personal Data a correction, addition or deletion (hereinafter called "Correction, etc." in this Article) in regard to the contents of the Retained Personal Data.
2. A Personal Information School Administrator must, in case of having received a demand pursuant to the provisions of the preceding Paragraph except in cases where special procedures concerning a Correction, etc. of the contents is prescribed by the provisions of other laws or regulations, conduct a necessary investigation without delay to the extent necessary to achieve a Purpose of Use and, based on the result thereof, make a Correction, etc. to the contents of the Retained Personal Data.
3. A Personal Information School Administrator must, when having made a Correction, etc. to the whole or any part of the contents of the Retained Personal Data in connection with a demand pursuant to the provisions under Paragraph 1 or when having made a decision not to make a Correction, etc., inform a Principal without delay to that effect (including, when having made a Correction, etc., the contents thereof).

Article 14-3: Utilization Cease etc.
1. Students, etc. and Faculty and Staff, etc. may, when Retained Personal Data that can identify the Principal is being handled in violation of the provisions of Article 7-9 or has been acquired in violation of the provisions of Article 8, demand of a Personal Information School Administrator for such Retained Personal Data, a utilization cease or deletion (hereinafter called "Utilization Cease, etc." in this Article) of the Retained Personal Data.
2. A Personal Information School Administrator shall, in case of having received a demand pursuant to the provisions of the preceding Paragraph and when it has become clear that there is a reason in the demand, fulfill a Utilization Cease, etc. of the Retained Personal Data to the extent necessary to redress a violation without delay; provided, however, that this shall not apply in cases where a Utilization Cease, etc. of Retained Personal Data requires a large amount of expenses or other cases where it is difficult to fulfil a Utilization Cease, etc. and when necessary alternative action is taken to protect a Principal's rights and interests.
3. Students, etc. and Faculty and Staff, etc. may, when Retained Personal Data that can identify the Principal is being provided to a third party in violation of the provisions of Article 10, Paragraph 1 or Article 11-2, demand of a Personal Information School Administrator for the Retained Personal Data to cease third-party provision of the Retained Personal Data.
4. A Personal Information School Administrator must, in case of having received a demand pursuant to the provisions of the preceding Paragraph and when it has become clear that there is a reason in the demand, cease a third-party provision of the Retained Personal Data without delay; provided, however, that this shall not apply in cases where ceasing a third-party provision of the Retained Personal Data requires a large amount of expenses or other cases where it is difficult to cease a third-party provision and when necessary alternative action is taken to protect a Principal's rights and interests.
5. A Personal Information School Administrator must, when having fulfilled a Utilization Cease, etc. or decided not to fulfill a Utilization Cease, etc. of the whole or any part of Retained Personal Data in connection with a demand pursuant to the provisions of Paragraph 1, or when having ceased a third-party provision or decided not to cease a third-party provision of the whole or any part of Retained Personal Data in connection with a demand pursuant to the provisions of Paragraph 3, inform a Principal to that effect without delay.

Article 14-4: Explanation of Reason
A Personal Information School Administrator must, in case of informing a Principal to the effect that, as regards to the whole or any part of action requested or demanded by the Principal pursuant to the provisions of Article 13-2, Paragraph 4, Article 14-1, Paragraph 4, Article 14-2, Paragraph 3 of Article 14-3, Paragraph 5, the action will not be taken, or to the effect that different action from said action will be taken, strive to explain a reason therefor to the Principal.

Article 14-5: Responsibility for Expenses
Students, etc. and Faculty and Staff, etc. must, when notification of the Purpose of Use has been requested in accordance with provisions of Article 13-2, Paragraph 3 or when a request for disclosure has been made in accordance with the provisions of Article 14-1, Paragraph 1, pay an administrative fee of 300 JPY per record and actual fees in relation to conducting such disclosure, etc.

Article 15-1: Filing of Complaints
1. Students, etc. and Faculty and Staff, etc. who have a complaint about the measures taken in response to the request for disclosure, Correction, etc. or Suspension, etc. under these Regulations may file a complaint with the Appeals Committee in writing.
2. The Appeals Committee, when receiving the filing of a complaint pursuant to the preceding Paragraph, must investigate or deliberate such complaint promptly.
3. The Appeals Committee, when determining that there is a need for the investigation or deliberation by the filing of a complaint, may hear the opinions of involved persons including the filing person or the relevant Personal Information School Administrator.
4. The Appeals Committee, when determining that there is a reason for the filing, may recommend disclosure, Correction, etc. or Suspension, etc. to the relevant Personal Information School Administrator.
5. The Appeals Committee must notify the filing person of the result of deliberation in writing.

Article 15-2: Appeals Committee
1. The Appeals Committee provided for in the preceding Article is made up of members appointed by the Executive Trustee for General Affairs as follows:
(1) the Executive Trustee for General Affairs
(2) a number of external experts
(3) a number of non-fixed term faculty and staff
2. The chair and vice-chair of the Appeals Committee will be elected by the committee members from among its members.

Article 15-3: Handling Complaints
1. A Personal Information School Administrator must, when receiving a complaint regarding the handling of Personal Information by the Trust, promptly inform the Personal Information General Administrator.
2. The Personal Information General Administrator must, when receiving a report in accordance with the provision of the preceding Paragraph, strive to handle the complaint properly and promptly.

Article 16 (deleted)

Article 17 (deleted)

Article 18: Penalty
In the event that any Faculty and Staff, etc. is in violation of the responsibilities set forth in these Regulations, such Faculty and Staff, etc. may be disciplined. The discipline of Students, etc. will be governed by the rules of the school to which the relevant student belongs.

Article 19: Revision and Abolition
The revisions and abolitions of these Regulations will be executed by the Executive Board of Trustees after the deliberations of the Committee.

Supplementary Provision (March 27, 2019 partial revision following revisions to the Act on the Protection of Personal Information)
These Regulations will take effect as of April 1, 2019.

ページトップへ