December 3, 1997
Electronic Network Consortium

(Objective)

The aim of these guidelines is to ensure that electronic networks develop in a well-structured way by providing all domestic online service providers regardless of business aims, size or business methods with a unified approach to managing and protecting personal data to safeguard the rights of the online user.

It is intended that online service providers refer to these guidelines when designing their online services. In addition to pursuing their own business aims, it is important that they act to protect personal data belonging to network users.

(Terminology)

• Electronic network management
  Electronic network management is defined as providing the following unrestricted services to members of the general public: managing individual networks that form components of the Internet, and networks, ranging from large commercial online services to individually run BBSs, that are used for administration of the membership and payment of fees in PC-based information systems.

• Personal data
  Personal data in electronic network management refers to information that directly identifies a particular individual or where a combination of such information can be used to identify the individual. However, it excludes data on directors of corporations and other organizations which form part of general corporate information.

  Key categories of personal data are defined below:

  • Member's data
    Information obtained when a person becomes a member of a network. This information is retained by the network provider for membership administration purposes and to improve the service to members.
    Key data: E-mail address or ID number, password, name, address, sex, age, date of birth, picture of the person, voice, nickname or handle name, phone number, occupation, model of PC.
    
  • Account information
    Payment method used by a member.
    Key data: name of the credit card company, credit card number, bank name, bank account number, name of the bank account.
    
  • Service fee information
    Record of billing and payment of membership fees with member and account information described above.
    Key data: Amount of fee, statement, billing amount, payment information.
    
  • Network transaction record
    Record of network usage including the time and volume of transactions.
    Key data: Data sending and receiving addresses, log-in/log-out time, log-in time by service type.
    
  • Marketing information
    Information used for marketing purposes such as actual use of services and the data obtained through surveys.
    Key data: hobbies, taste, field of interest, forum membership, web sites visited.

(Subject of the guidelines)

The guidelines apply to anyone who handles personal data on electronic networks. Following is a list of relevant organizations:

• Providers of electronic network services
• Companies and organizations that contract out their electronic networks to network providers
• Hosts and providers of services including electronic malls, e-mail servers, electronic bulletin boards, forums.
• Administrators of web sites on the Internet who process customer information.

(Guidelines)

1. Collecting personal data
   When people or organizations that are the subject of these guidelines collect personal data as a prerequisite to providing a service, the necessity of collecting the data must be clearly established and only the data that is required to provide the service should be requested. Following are some examples of the type of membership data that should be requested:
   
   • How to request membership data
     Data on individual members should be obtained directly from the member or a representative assigned by the member. Data on corporate members should be obtained directly from the individual or a representative assigned by the individual (a pre-designated contact person).

2. Considerations in collecting personal data
   The personal data must be collected by legal and fair means, and the consent of the individual concerned must be obtained.

3. Personal information that cannot be collected
   Personal data in the following categories cannot be requested, used or provided, with the following exceptions: When the unambiguous consent of the individual concerned has been obtained, when a specific law allows for the collection, usage and provision of such data, or when the information is essential for a specific legal procedure.
   
   • Information on race or ethnic group
   • Family background and place of birth
   • Religion (religion, belief, creed), political views, or membership of a labor union
   • Health, medical condition or sexual preference

4. Use of personal data
   Use of personal data must be limited to the purposes for which the data was collected. However, the data may be utilized for other purposes when the individual concerned gives consent for this use. Organizations that are the subject of these guidelines should maintain the necessary systems. Following is an example of the systems where personal data can be considered necessary.
   
   • e-mail, electronic bulletin boards, electronic forums.
     Personal data displayed on e-mail systems should be limited to the minimum amount necessary to send an e-mail. Personal data attached to messages to electronic bulletin boards or forums must be limited to the minimum amount needed to identify the individual taking responsibility for the content in the light of freedom of expression.

5. Providing personal data
   Personal data must not be provided to any third party, except in the case where a third party has valid legal reasons and the consent of the individual concerned is obtained. Following are some examples:
   
   • Inquiries by financial institutions
     When a financial institution used by a member inquires about the service fee, only the fee amount should be provided. No other information should be given.
   • Inquiries based on membership policy, etc.
     Except for any cases clearly stated in the membership policy, personal data must not be made public without showing the content of the data to be made public to the individual concerned and obtaining their consent.
   • Where there are valid legal reasons
     In principle a request backed by valid legal reasons refers to where a public office requests the data with a search warrant or distress warrant. In exceptional cases, personal data may be provided in response to a request to investigate the contents of a search in order to protect human rights and privacy.

     In addition, personal data may be provided to a third party with valid legal reasons when the data is necessary to protect the public interest.

6. Request by a person to view their own data
   When disclosure of personal data is requested by the subject of the data, the data shall be provided after confirming the identification of the requester. The provider or the host of the electronic network should have in place a system to provide legitimate data promptly.
   • Request by a person to view their own data
     When disclosure of personal data is requested by the subject of the data, the requester's identification should be confirmed first by checking against the member's data and then the requested data should be provided. When the requester is a representative such as a family member assigned by the individual concerned, the information should be provided only after confirming that the representative has been assigned by the subject of the data themselves. In the case of corporate membership, personal data can be provided to a contractor (representative) who has the permission of the individual concerned in the same way as for individual members. The request for personal data by other departments in the same corporation will be rejected.
   • Method of verifying ownership of data
     Data should be collated with the registered member data held by the provider or host of the electronic network and data which is known only to the individual concerned.
   • Data available for disclosure
     Personal data categorized in the previous section are subject to disclosure. However, data such as passwords should be provided after confirming that the recipient is the requester via postal mail, or a phone call.
   • Setting up a help desk
     Providers and hosts of electronic networks should set up a help desk to respond to inquiries. All members should be informed of the existence of the help desk.

7. Disapproval of the use of personal data
   When the individual disapproves of the provision to a third party of his/her personal data already held by the provider or host of an electronic network, the data should not be given to a third party, except in cases where the data must be given to fulfill the responsibility as provider or host.

8. Security of personal data
   Providers of electronic networks should have in place a suitable and effective security system to prevent leakage of data. They should keep personal data needed in fulfilling their business aims accurate and up-to-date.
   • Request for correcting account information
     When the account holder requests corrections to their account information, the data should be corrected after verifying the requester's identification. The account information may be changed when requested by a financial institution.
   • Use of external services
     When outside vendors are contracted to handle any part of the operation, their legal obligation to maintain privacy of information must be written in the contract. They must not disclose any information obtained during the contracted work, and there must be no leakage of personal data.
   • Handling personal data for ex-members
     When personal data is kept after membership has been canceled, the data should be safeguarded by a proper security system in the same way as before cancellation.
   • Responsibility of users
     Some personal data such as passwords are known only by the user, and the responsibility of the user to keep such information secret should be clearly stated in the membership policy along with the reasons why.

9. Managers of personal data
   Providers of electronic networks should appoint a manager within the organization who understands the objectives of these guidelines and who is capable of carrying them out to be responsible for the proper management of personal data.

(Implementation)

Providers of electronic network should respect the aims of the guidelines and provide proper systems within the organization to protect personal data. The guidelines should be enforced among electronic network providers and the Electronic Network Consortium will follow up on spreading the use of the guidelines and user education.