[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article:hotaikei":3},{"meta":4,"markdown":1110,"quiz":1111},{"type":5,"articleId":6,"slug":7,"title":8,"titleEn":9,"category":10,"order":11,"seriesLabel":12,"summary":13,"publishedAt":14,"image":15,"tags":16,"vocabulary":22,"quizId":1106,"source":1107},"article","kjh-k1-h01-hotaikei","hotaikei","課題Ⅰ 第１編 個人情報保護の法体系と各種認定制度","The Legal Framework of Personal Information Protection and Certification Systems","kojin-joho-hogo\u002Fkadai-1",1010,"課題Ⅰ 第１編","Comprehensive exam-prep article covering the full scope of 課題Ⅰ 第１編 総説: the OECD 8 Principles and their mapping to Japanese law, EU Data Protection Directive and GDPR influence, Japan's legislative history from 1988 through the 2021 three-law integration, the structure of the current Personal Information Protection Act and its hierarchy (law → enforcement order → enforcement rules → guidelines), the Personal Information Protection Commission's composition and powers, all four guideline volumes, related laws (My Number Act, Unauthorized Access Prohibition Act, Unfair Competition Prevention Act with its 3 trade-secret requirements, Telecommunications Business Act, Criminal Code virus provisions, Specified Electronic Mail Act), the Japan-EU mutual adequacy decision and supplementary rules, Privacy Mark (JIS Q 15001:2023) certification details, ISMS (ISO\u002FIEC 27001) certification details, a detailed P-Mark vs ISMS comparison, and other certifications (TRUSTe, SOC 2, ISO 
27701).","2026-04-26T00:00:00Z","https:\u002F\u002Fimages.yamiyomi.com\u002Fkjh-k1-h01-hotaikei.png",[17,18,19,20,21],"exam:個人情報保護士","topic:法体系","topic:認定制度","topic:プライバシーマーク","law:GDPR",[23,28,32,36,40,44,48,52,57,61,65,69,73,77,81,85,89,93,97,101,105,109,113,117,121,125,129,133,137,141,145,149,153,157,161,165,169,173,177,181,185,189,193,196,200,204,208,212,216,220,224,228,232,236,240,244,248,252,256,260,264,268,272,276,280,284,288,292,296,300,304,308,312,316,320,324,328,332,336,340,343,347,351,355,359,363,367,371,375,379,383,387,391,395,399,403,407,411,415,419,423,427,431,435,439,443,447,451,455,459,463,467,471,475,479,483,487,491,495,499,503,507,511,514,518,522,526,530,534,538,542,546,550,554,558,562,566,570,574,578,582,586,590,594,597,601,605,609,613,617,621,625,629,633,637,641,645,649,653,657,661,665,669,673,677,681,685,689,693,697,701,705,709,713,717,721,725,729,733,737,741,745,749,752,756,760,764,768,772,776,780,784,788,792,796,800,804,808,812,816,820,824,828,832,836,840,844,848,852,856,860,864,868,872,876,880,884,888,892,896,900,904,908,912,916,920,924,928,932,936,940,944,948,952,956,959,963,967,971,975,979,983,987,991,995,999,1003,1007,1011,1015,1019,1023,1027,1031,1035,1039,1043,1046,1050,1054,1058,1062,1066,1070,1074,1078,1082,1086,1090,1094,1098,1102],{"word":24,"reading":25,"meaning":26,"level":27},"個人情報","こじんじょうほう","personal information","N2",{"word":29,"reading":30,"meaning":31,"level":27},"保護","ほご","protection",{"word":33,"reading":34,"meaning":35,"level":27},"国際的","こくさいてき","international",{"word":37,"reading":38,"meaning":39,"level":27},"出発点","しゅっぱつてん","starting point",{"word":41,"reading":42,"meaning":43,"level":27},"経済","けいざい","economy",{"word":45,"reading":46,"meaning":47,"level":27},"協力","きょうりょく","cooperation",{"word":49,"reading":50,"meaning":51,"level":27},"開発","かいはつ","development",{"word":53,"reading":54,"meaning":55,"level":56},"機構","きこう","organization, 
mechanism","N1",{"word":58,"reading":59,"meaning":60,"level":56},"採択","さいたく","adoption",{"word":62,"reading":63,"meaning":64,"level":27},"原則","げんそく","principle",{"word":66,"reading":67,"meaning":68,"level":27},"収集","しゅうしゅう","collection",{"word":70,"reading":71,"meaning":72,"level":27},"制限","せいげん","limitation",{"word":74,"reading":75,"meaning":76,"level":56},"適法","てきほう","lawful",{"word":78,"reading":79,"meaning":80,"level":56},"公正","こうせい","fair, impartial",{"word":82,"reading":83,"meaning":84,"level":27},"手段","しゅだん","means, method",{"word":86,"reading":87,"meaning":88,"level":27},"本人","ほんにん","the person themselves",{"word":90,"reading":91,"meaning":92,"level":27},"同意","どうい","consent",{"word":94,"reading":95,"meaning":96,"level":27},"利用","りよう","use, utilization",{"word":98,"reading":99,"meaning":100,"level":27},"目的","もくてき","purpose",{"word":102,"reading":103,"meaning":104,"level":27},"範囲","はんい","scope, range",{"word":106,"reading":107,"meaning":108,"level":27},"正確","せいかく","accurate",{"word":110,"reading":111,"meaning":112,"level":27},"完全","かんぜん","complete, perfect",{"word":114,"reading":115,"meaning":116,"level":27},"最新","さいしん","latest, most recent",{"word":118,"reading":119,"meaning":120,"level":56},"明確化","めいかくか","clarification",{"word":122,"reading":123,"meaning":124,"level":27},"安全","あんぜん","safety, security",{"word":126,"reading":127,"meaning":128,"level":56},"措置","そち","measures",{"word":130,"reading":131,"meaning":132,"level":27},"合理的","ごうりてき","reasonable, rational",{"word":134,"reading":135,"meaning":136,"level":27},"公開","こうかい","disclosure, 
public",{"word":138,"reading":139,"meaning":140,"level":27},"方針","ほうしん","policy",{"word":142,"reading":143,"meaning":144,"level":27},"参加","さんか","participation",{"word":146,"reading":147,"meaning":148,"level":27},"自己","じこ","self",{"word":150,"reading":151,"meaning":152,"level":27},"訂正","ていせい","correction",{"word":154,"reading":155,"meaning":156,"level":27},"削除","さくじょ","deletion",{"word":158,"reading":159,"meaning":160,"level":27},"権利","けんり","rights",{"word":162,"reading":163,"meaning":164,"level":27},"責任","せきにん","responsibility",{"word":166,"reading":167,"meaning":168,"level":27},"管理者","かんりしゃ","manager, administrator",{"word":170,"reading":171,"meaning":172,"level":56},"遵守","じゅんしゅ","compliance",{"word":174,"reading":175,"meaning":176,"level":27},"法的","ほうてき","legal",{"word":178,"reading":179,"meaning":180,"level":56},"拘束力","こうそくりょく","binding force",{"word":182,"reading":183,"meaning":184,"level":56},"勧告","かんこく","recommendation",{"word":186,"reading":187,"meaning":188,"level":27},"基盤","きばん","foundation",{"word":190,"reading":191,"meaning":192,"level":27},"反映","はんえい","reflection",{"word":194,"reading":79,"meaning":195,"level":27},"構成","composition, structure",{"word":197,"reading":198,"meaning":199,"level":27},"条","じょう","article (of law)",{"word":201,"reading":202,"meaning":203,"level":27},"適正","てきせい","proper, appropriate",{"word":205,"reading":206,"meaning":207,"level":27},"取得","しゅとく","acquisition",{"word":209,"reading":210,"meaning":211,"level":27},"対応","たいおう","correspondence, response",{"word":213,"reading":214,"meaning":215,"level":56},"条文","じょうぶん","article, provision 
text",{"word":217,"reading":218,"meaning":219,"level":27},"暗記","あんき","memorization",{"word":221,"reading":222,"meaning":223,"level":56},"欧州","おうしゅう","Europe",{"word":225,"reading":226,"meaning":227,"level":27},"連合","れんごう","union",{"word":229,"reading":230,"meaning":231,"level":56},"指令","しれい","directive",{"word":233,"reading":234,"meaning":235,"level":56},"十分性","じゅうぶんせい","adequacy",{"word":237,"reading":238,"meaning":239,"level":27},"認定","にんてい","certification, accreditation",{"word":241,"reading":242,"meaning":243,"level":27},"移転","いてん","transfer",{"word":245,"reading":246,"meaning":247,"level":56},"施行","しこう","enforcement, implementation",{"word":249,"reading":250,"meaning":251,"level":56},"加盟国","かめいこく","member state",{"word":253,"reading":254,"meaning":255,"level":56},"域外適用","いきがいてきよう","extraterritorial application",{"word":257,"reading":258,"meaning":259,"level":56},"条項","じょうこう","provision, clause",{"word":261,"reading":262,"meaning":263,"level":27},"企業","きぎょう","enterprise, company",{"word":265,"reading":266,"meaning":267,"level":27},"影響","えいきょう","influence, impact",{"word":269,"reading":270,"meaning":271,"level":56},"制裁金","せいさいきん","penalty, sanction",{"word":273,"reading":274,"meaning":275,"level":27},"売上高","うりあげだか","revenue",{"word":277,"reading":278,"meaning":279,"level":56},"厳格","げんかく","strict, rigorous",{"word":281,"reading":282,"meaning":283,"level":27},"相互","そうご","mutual",{"word":285,"reading":286,"meaning":287,"level":27},"認証","にんしょう","certification, authentication",{"word":289,"reading":290,"meaning":291,"level":56},"発効","はっこう","taking effect",{"word":293,"reading":294,"meaning":295,"level":56},"補完的","ほかんてき","supplementary, complementary",{"word":297,"reading":298,"meaning":299,"level":56},"要配慮","ようはいりょ","requiring special care",{"word":301,"reading":302,"meaning":303,"level":27},"同等","どうとう","equivalent",{"word":305,"reading":306,"meaning":307,"level":27},"拡大","かくだい","expansion",{"word":309,"reading":310,"meaning":311,"level":27},"保有","ほゆう","possession, 
holding",{"word":313,"reading":314,"meaning":315,"level":27},"保存","ほぞん","storage, preservation",{"word":317,"reading":318,"meaning":319,"level":56},"撤廃","てっぱい","abolition",{"word":321,"reading":322,"meaning":323,"level":27},"匿名","とくめい","anonymous",{"word":325,"reading":326,"meaning":327,"level":27},"加工","かこう","processing",{"word":329,"reading":330,"meaning":331,"level":27},"追加","ついか","addition",{"word":333,"reading":334,"meaning":335,"level":27},"条件","じょうけん","condition",{"word":337,"reading":338,"meaning":339,"level":27},"段階的","だんかいてき","gradual, phased",{"word":341,"reading":342,"meaning":51,"level":27},"発展","はってん",{"word":344,"reading":345,"meaning":346,"level":27},"行政","ぎょうせい","administration",{"word":348,"reading":349,"meaning":350,"level":27},"機関","きかん","institution, organ",{"word":352,"reading":353,"meaning":354,"level":56},"制定","せいてい","enactment",{"word":356,"reading":357,"meaning":358,"level":27},"民間","みんかん","private sector",{"word":360,"reading":361,"meaning":362,"level":27},"事業者","じぎょうしゃ","business operator",{"word":364,"reading":365,"meaning":366,"level":56},"包括的","ほうかつてき","comprehensive",{"word":368,"reading":369,"meaning":370,"level":27},"成立","せいりつ","establishment, enactment",{"word":372,"reading":373,"meaning":374,"level":27},"全面","ぜんめん","full, complete",{"word":376,"reading":377,"meaning":378,"level":27},"基本","きほん","basic, fundamental",{"word":380,"reading":381,"meaning":382,"level":56},"理念","りねん","principle, ideal",{"word":384,"reading":385,"meaning":386,"level":27},"義務","ぎむ","obligation, duty",{"word":388,"reading":389,"meaning":390,"level":27},"当初","とうしょ","initially, at 
first",{"word":392,"reading":393,"meaning":394,"level":27},"要件","ようけん","requirement",{"word":396,"reading":397,"meaning":398,"level":27},"適用","てきよう","application",{"word":400,"reading":401,"meaning":402,"level":56},"除外","じょがい","exclusion",{"word":404,"reading":405,"meaning":406,"level":27},"小規模","しょうきぼ","small-scale",{"word":408,"reading":409,"meaning":410,"level":27},"改正","かいせい","amendment, revision",{"word":412,"reading":413,"meaning":414,"level":27},"大幅","おおはば","significant",{"word":416,"reading":417,"meaning":418,"level":27},"見直し","みなおし","review, overhaul",{"word":420,"reading":421,"meaning":422,"level":27},"委員会","いいんかい","commission, committee",{"word":424,"reading":425,"meaning":426,"level":27},"設置","せっち","establishment",{"word":428,"reading":429,"meaning":430,"level":56},"省庁","しょうちょう","ministry, government agency",{"word":432,"reading":433,"meaning":434,"level":56},"所管","しょかん","jurisdiction",{"word":436,"reading":437,"meaning":438,"level":56},"共管","きょうかん","joint jurisdiction",{"word":440,"reading":441,"meaning":442,"level":27},"独立","どくりつ","independent",{"word":444,"reading":445,"meaning":446,"level":27},"監督","かんとく","supervision",{"word":448,"reading":449,"meaning":450,"level":56},"一元化","いちげんか","unification",{"word":452,"reading":453,"meaning":454,"level":27},"新設","しんせつ","newly established",{"word":456,"reading":457,"meaning":458,"level":27},"人種","じんしゅ","race",{"word":460,"reading":461,"meaning":462,"level":56},"信条","しんじょう","creed, belief",{"word":464,"reading":465,"meaning":466,"level":27},"社会的","しゃかいてき","social",{"word":468,"reading":469,"meaning":470,"level":27},"身分","みぶん","status, position",{"word":472,"reading":473,"meaning":474,"level":56},"病歴","びょうれき","medical history",{"word":476,"reading":477,"meaning":478,"level":27},"犯罪","はんざい","crime",{"word":480,"reading":481,"meaning":482,"level":27},"経歴","けいれき","record, career",{"word":484,"reading":485,"meaning":486,"level":27},"被害","ひがい","damage, 
harm",{"word":488,"reading":489,"meaning":490,"level":27},"該当","がいとう","applicable, relevant",{"word":492,"reading":493,"meaning":494,"level":56},"創設","そうせつ","creation, establishment",{"word":496,"reading":497,"meaning":498,"level":27},"定義","ていぎ","definition",{"word":500,"reading":501,"meaning":502,"level":56},"個人識別符号","こじんしきべつふごう","personal identification code",{"word":504,"reading":505,"meaning":506,"level":27},"強化","きょうか","strengthening",{"word":508,"reading":509,"meaning":510,"level":27},"利用停止","りようていし","suspension of use",{"word":512,"reading":513,"meaning":156,"level":27},"消去","しょうきょ",{"word":515,"reading":516,"meaning":517,"level":56},"請求権","せいきゅうけん","right to demand",{"word":519,"reading":520,"meaning":521,"level":56},"緩和","かんわ","relaxation, easing",{"word":523,"reading":524,"meaning":525,"level":27},"目的外","もくてきがい","beyond the purpose",{"word":527,"reading":528,"meaning":529,"level":27},"正当","せいとう","legitimate",{"word":531,"reading":532,"meaning":533,"level":27},"利益","りえき","interest, benefit",{"word":535,"reading":536,"meaning":537,"level":56},"仮名加工情報","かめいかこうじょうほう","pseudonymously processed information",{"word":539,"reading":540,"meaning":541,"level":27},"内部","ないぶ","internal",{"word":543,"reading":544,"meaning":545,"level":27},"分析","ぶんせき","analysis",{"word":547,"reading":548,"meaning":549,"level":56},"漏えい","ろうえい","leakage",{"word":551,"reading":552,"meaning":553,"level":27},"報告","ほうこく","report",{"word":555,"reading":556,"meaning":557,"level":27},"義務化","ぎむか","making obligatory",{"word":559,"reading":560,"meaning":561,"level":27},"通知","つうち","notification",{"word":563,"reading":564,"meaning":565,"level":27},"罰金","ばっきん","fine",{"word":567,"reading":568,"meaning":569,"level":56},"三法統合","さんぽうとうごう","three-law integration",{"word":571,"reading":572,"meaning":573,"level":56},"法制","ほうせい","legal 
system",{"word":575,"reading":576,"meaning":577,"level":56},"並立","へいりつ","coexistence",{"word":579,"reading":580,"meaning":581,"level":27},"統合","とうごう","integration",{"word":583,"reading":584,"meaning":585,"level":56},"地方公共団体","ちほうこうきょうだんたい","local public entity",{"word":587,"reading":588,"meaning":589,"level":27},"自治体","じちたい","municipality",{"word":591,"reading":592,"meaning":593,"level":27},"全国","ぜんこく","nationwide",{"word":595,"reading":596,"meaning":450,"level":27},"統一","とういつ",{"word":598,"reading":599,"meaning":600,"level":27},"規律","きりつ","discipline, regulation",{"word":602,"reading":603,"meaning":604,"level":27},"現行","げんこう","current",{"word":606,"reading":607,"meaning":608,"level":56},"本則","ほんそく","main provisions",{"word":610,"reading":611,"meaning":612,"level":56},"附則","ふそく","supplementary provisions",{"word":614,"reading":615,"meaning":616,"level":56},"総則","そうそく","general provisions",{"word":618,"reading":619,"meaning":620,"level":56},"責務","せきむ","duty, responsibility",{"word":622,"reading":623,"meaning":624,"level":56},"施策","しさく","measure, policy",{"word":626,"reading":627,"meaning":628,"level":27},"取扱","とりあつかい","handling",{"word":630,"reading":631,"meaning":632,"level":56},"雑則","ざっそく","miscellaneous provisions",{"word":634,"reading":635,"meaning":636,"level":56},"罰則","ばっそく","penal provisions",{"word":638,"reading":639,"meaning":640,"level":56},"政令","せいれい","government ordinance",{"word":642,"reading":643,"meaning":644,"level":56},"施行令","しこうれい","enforcement order",{"word":646,"reading":647,"meaning":648,"level":56},"委任","いにん","delegation",{"word":650,"reading":651,"meaning":652,"level":27},"内閣","ないかく","cabinet",{"word":654,"reading":655,"meaning":656,"level":27},"規則","きそく","rules, regulations",{"word":658,"reading":659,"meaning":660,"level":27},"解釈","かいしゃく","interpretation",{"word":662,"reading":663,"meaning":664,"level":56},"実務","じつむ","practical 
work",{"word":666,"reading":667,"meaning":668,"level":56},"発足","ほっそく","inauguration",{"word":670,"reading":671,"meaning":672,"level":56},"内閣府","ないかくふ","Cabinet Office",{"word":674,"reading":675,"meaning":676,"level":56},"外局","がいきょく","external bureau",{"word":678,"reading":679,"meaning":680,"level":27},"委員長","いいんちょう","chairperson",{"word":682,"reading":683,"meaning":684,"level":27},"委員","いいん","member",{"word":686,"reading":687,"meaning":688,"level":56},"両議院","りょうぎいん","both houses of the Diet",{"word":690,"reading":691,"meaning":692,"level":56},"任命","にんめい","appointment",{"word":694,"reading":695,"meaning":696,"level":27},"任期","にんき","term of office",{"word":698,"reading":699,"meaning":700,"level":27},"独立性","どくりつせい","independence",{"word":702,"reading":703,"meaning":704,"level":56},"職権","しょっけん","authority",{"word":706,"reading":707,"meaning":708,"level":56},"行使","こうし","exercise (of authority)",{"word":710,"reading":711,"meaning":712,"level":27},"保障","ほしょう","guarantee",{"word":714,"reading":715,"meaning":716,"level":27},"権限","けんげん","authority, power",{"word":718,"reading":719,"meaning":720,"level":56},"報告徴収","ほうこくちょうしゅう","collection of reports",{"word":722,"reading":723,"meaning":724,"level":56},"立入検査","たちいりけんさ","on-site inspection",{"word":726,"reading":727,"meaning":728,"level":27},"指導","しどう","guidance",{"word":730,"reading":731,"meaning":732,"level":27},"助言","じょげん","advice",{"word":734,"reading":735,"meaning":736,"level":27},"命令","めいれい","order",{"word":738,"reading":739,"meaning":740,"level":56},"刑事罰","けいじばつ","criminal penalty",{"word":742,"reading":743,"meaning":744,"level":56},"通則","つうそく","general rules",{"word":746,"reading":747,"meaning":748,"level":27},"編","へん","volume, edition",{"word":750,"reading":751,"meaning":366,"level":56},"網羅的","もうらてき",{"word":753,"reading":754,"meaning":755,"level":27},"開示","かいじ","disclosure",{"word":757,"reading":758,"meaning":759,"level":27},"請求","せいきゅう","request, 
claim",{"word":761,"reading":762,"meaning":763,"level":27},"第三者","だいさんしゃ","third party",{"word":765,"reading":766,"meaning":767,"level":27},"提供","ていきょう","provision, supply",{"word":769,"reading":770,"meaning":771,"level":27},"基準","きじゅん","standard, criteria",{"word":773,"reading":774,"meaning":775,"level":27},"体制","たいせい","system, structure",{"word":777,"reading":778,"meaning":779,"level":27},"整備","せいび","development, maintenance",{"word":781,"reading":782,"meaning":783,"level":27},"確認","かくにん","confirmation",{"word":785,"reading":786,"meaning":787,"level":27},"記録","きろく","record",{"word":789,"reading":790,"meaning":791,"level":27},"双方","そうほう","both sides",{"word":793,"reading":794,"meaning":795,"level":56},"名簿屋","めいぼや","name list broker",{"word":797,"reading":798,"meaning":799,"level":27},"対策","たいさく","countermeasure",{"word":801,"reading":802,"meaning":803,"level":27},"区別","くべつ","distinction",{"word":805,"reading":806,"meaning":807,"level":56},"特別法","とくべつほう","special law",{"word":809,"reading":810,"meaning":811,"level":56},"特定個人情報","とくていこじんじょうほう","specific personal information (My Number)",{"word":813,"reading":814,"meaning":815,"level":27},"社会保障","しゃかいほしょう","social security",{"word":817,"reading":818,"meaning":819,"level":27},"税","ぜい","tax",{"word":821,"reading":822,"meaning":823,"level":27},"災害","さいがい","disaster",{"word":825,"reading":826,"meaning":827,"level":56},"法定","ほうてい","legal, statutory",{"word":829,"reading":830,"meaning":831,"level":56},"懲役","ちょうえき","imprisonment",{"word":833,"reading":834,"meaning":835,"level":56},"頻出","ひんしゅつ","frequent occurrence",{"word":837,"reading":838,"meaning":839,"level":56},"識別","しきべつ","identification",{"word":841,"reading":842,"meaning":843,"level":56},"符号","ふごう","code, symbol",{"word":845,"reading":846,"meaning":847,"level":27},"不正","ふせい","unauthorized, 
unfair",{"word":849,"reading":850,"meaning":851,"level":27},"禁止","きんし","prohibition",{"word":853,"reading":854,"meaning":855,"level":56},"制御","せいぎょ","control",{"word":857,"reading":858,"meaning":859,"level":27},"機能","きのう","function",{"word":861,"reading":862,"meaning":863,"level":56},"不正競争防止法","ふせいきょうそうぼうしほう","Unfair Competition Prevention Act",{"word":865,"reading":866,"meaning":867,"level":56},"営業秘密","えいぎょうひみつ","trade secret",{"word":869,"reading":870,"meaning":871,"level":56},"秘密管理性","ひみつかんりせい","secrecy management",{"word":873,"reading":874,"meaning":875,"level":56},"有用性","ゆうようせい","usefulness",{"word":877,"reading":878,"meaning":879,"level":56},"非公知性","ひこうちせい","non-public knowledge",{"word":881,"reading":882,"meaning":883,"level":56},"電気通信事業法","でんきつうしんじぎょうほう","Telecommunications Business Act",{"word":885,"reading":886,"meaning":887,"level":27},"秘密","ひみつ","secret, confidentiality",{"word":889,"reading":890,"meaning":891,"level":56},"刑法","けいほう","criminal law",{"word":893,"reading":894,"meaning":895,"level":56},"電磁的","でんじてき","electromagnetic",{"word":897,"reading":898,"meaning":899,"level":56},"処罰","しょばつ","punishment",{"word":901,"reading":902,"meaning":903,"level":56},"適正化","てきせいか","optimization, normalization",{"word":905,"reading":906,"meaning":907,"level":27},"事前","じぜん","in advance",{"word":909,"reading":910,"meaning":911,"level":27},"広告","こうこく","advertisement",{"word":913,"reading":914,"meaning":915,"level":27},"制度","せいど","system, institution",{"word":917,"reading":918,"meaning":919,"level":56},"財団法人","ざいだんほうじん","incorporated foundation",{"word":921,"reading":922,"meaning":923,"level":27},"運営","うんえい","operation, management",{"word":925,"reading":926,"meaning":927,"level":27},"審査","しんさ","examination, review",{"word":929,"reading":930,"meaning":931,"level":27},"活動","かつどう","activity",{"word":933,"reading":934,"meaning":935,"level":27},"拠点","きょてん","base, 
location",{"word":937,"reading":938,"meaning":939,"level":27},"法人","ほうじん","corporation",{"word":941,"reading":942,"meaning":943,"level":27},"単位","たんい","unit",{"word":945,"reading":946,"meaning":947,"level":27},"有効期間","ゆうこうきかん","validity period",{"word":949,"reading":950,"meaning":951,"level":27},"更新","こうしん","renewal",{"word":953,"reading":954,"meaning":955,"level":56},"満了","まんりょう","expiration",{"word":957,"reading":958,"meaning":398,"level":27},"申請","しんせい",{"word":960,"reading":961,"meaning":962,"level":27},"構築","こうちく","building, construction",{"word":964,"reading":965,"meaning":966,"level":27},"運用","うんよう","operation",{"word":968,"reading":969,"meaning":970,"level":27},"従業者","じゅうぎょうしゃ","employee, worker",{"word":972,"reading":973,"meaning":974,"level":27},"教育","きょういく","education",{"word":976,"reading":977,"meaning":978,"level":56},"監査","かんさ","audit",{"word":980,"reading":981,"meaning":982,"level":27},"実施","じっし","implementation",{"word":984,"reading":985,"meaning":986,"level":56},"適合性","てきごうせい","conformity",{"word":988,"reading":989,"meaning":990,"level":27},"評価","ひょうか","evaluation",{"word":992,"reading":993,"meaning":994,"level":56},"国際規格","こくさいきかく","international standard",{"word":996,"reading":997,"meaning":998,"level":27},"要素","ようそ","element",{"word":1000,"reading":1001,"meaning":1002,"level":56},"機密性","きみつせい","confidentiality",{"word":1004,"reading":1005,"meaning":1006,"level":56},"完全性","かんぜんせい","integrity",{"word":1008,"reading":1009,"meaning":1010,"level":56},"可用性","かようせい","availability",{"word":1012,"reading":1013,"meaning":1014,"level":27},"維持","いじ","maintenance",{"word":1016,"reading":1017,"meaning":1018,"level":27},"改善","かいぜん","improvement",{"word":1020,"reading":1021,"meaning":1022,"level":27},"継続的","けいぞくてき","continuous",{"word":1024,"reading":1025,"meaning":1026,"level":27},"組織","そしき","organization",{"word":1028,"reading":1029,"meaning":1030,"level":27},"固有","こゆう","unique, 
inherent",{"word":1032,"reading":1033,"meaning":1034,"level":27},"部門","ぶもん","department",{"word":1036,"reading":1037,"meaning":1038,"level":56},"特化","とっか","specialization",{"word":1040,"reading":1041,"meaning":1042,"level":27},"全般","ぜんぱん","overall, general",{"word":1044,"reading":1045,"meaning":172,"level":56},"準拠","じゅんきょ",{"word":1047,"reading":1048,"meaning":1049,"level":27},"規格","きかく","standard, specification",{"word":1051,"reading":1052,"meaning":1053,"level":27},"頻度","ひんど","frequency",{"word":1055,"reading":1056,"meaning":1057,"level":56},"通用性","つうようせい","validity, acceptability",{"word":1059,"reading":1060,"meaning":1061,"level":27},"比較","ひかく","comparison",{"word":1063,"reading":1064,"meaning":1065,"level":27},"焦点","しょうてん","focus",{"word":1067,"reading":1068,"meaning":1069,"level":56},"内部統制","ないぶとうせい","internal control",{"word":1071,"reading":1072,"meaning":1073,"level":27},"拡張","かくちょう","extension",{"word":1075,"reading":1076,"meaning":1077,"level":27},"橋渡し","はしわたし","bridge, intermediary",{"word":1079,"reading":1080,"meaning":1081,"level":27},"概要","がいよう","overview",{"word":1083,"reading":1084,"meaning":1085,"level":56},"把握","はあく","understanding, grasp",{"word":1087,"reading":1088,"meaning":1089,"level":27},"枠組み","わくぐみ","framework",{"word":1091,"reading":1092,"meaning":1093,"level":56},"策定","さくてい","formulation",{"word":1095,"reading":1096,"meaning":1097,"level":27},"形成","けいせい","formation",{"word":1099,"reading":1100,"meaning":1101,"level":27},"流通","りゅうつう","distribution, circulation",{"word":1103,"reading":1104,"meaning":1105,"level":27},"公表","こうひょう","publication","kjh-k1-h01-quiz",{"name":1108,"url":1109},"個人情報保護士試験対策","https:\u002F\u002Fwww.joho-gakushu.or.jp\u002Fpiip\u002F","\n::para\n[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}の[国際的]{こくさいてき:international:N3}な[出発点]{しゅっぱつてん:starting 
point:N3}は、1980[年]{ねん:year:N5}に[経済]{けいざい:economy:N3}[協力]{きょうりょく:cooperation:N2}[開発]{かいはつ:development:N4}[機構]{きこう:organization:N3}（OECD）が[採択]{さいたく:adoption:N1}した「プライバシー[保護]{ほご:protection:N1}と[個人]{こじん:individual:N2}データの[国際]{こくさい:international:N3}[流通]{りゅうつう:distribution:N3}についてのガイドライン」である。このガイドラインは[以下]{いか:the following:N4}の8つの[原則]{げんそく:principles:N2}を[定めた]{さだめた:established:N3}。（1）[収集]{しゅうしゅう:collection:N3}[制限]{せいげん:limitation:N3}の[原則]{げんそく:principles:N2}（Collection Limitation）：[個人]{こじん:individual:N2}データの[収集]{しゅうしゅう:collection:N3}は[適法]{てきほう:lawful:N3}かつ[公正]{こうせい:fair:N4}な[手段]{しゅだん:means:N3}で、[本人]{ほんにん:the person themselves:N5}の[同意]{どうい:consent:N4}を[得て]{えて:to obtain:N3}[行う]{おこなう:to carry out:N5}。（2）データ[内容]{ないよう:content:N3}の[原則]{げんそく:principles:N2}（Data Quality）：[利用]{りよう:use:N3}[目的]{もくてき:purpose:N4}に[必要]{ひつよう:necessary:N3}な[範囲]{はんい:scope:N1}で[正確]{せいかく:accurate:N3}・[完全]{かんぜん:complete:N3}・[最新]{さいしん:latest:N3}に[保つ]{たもつ:to maintain:N1}。（3）[目的]{もくてき:purpose:N4}[明確化]{めいかくか:clarification:N3}の[原則]{げんそく:principles:N2}（Purpose Specification）：[収集]{しゅうしゅう:collection:N3}[時]{じ:time of:N5}までに[利用]{りよう:use:N3}[目的]{もくてき:purpose:N4}を[明確]{めいかく:clear:N3}にする。（4）[利用]{りよう:use:N3}[制限]{せいげん:limitation:N3}の[原則]{げんそく:principles:N2}（Use Limitation）：[明確化]{めいかくか:clarification:N3}された[目的]{もくてき:purpose:N4}[以外]{いがい:other than:N4}に[使用]{しよう:use:N4}しない。（5）[安全]{あんぜん:safety:N3}[保護]{ほご:protection:N1}の[原則]{げんそく:principles:N2}（Security Safeguards）：[合理的]{ごうりてき:reasonable:N3}な[安全]{あんぜん:safety:N3}[保護]{ほご:protection:N1}[措置]{そち:measures:N1}を[講じる]{こうじる:to take:N2}。（6）[公開]{こうかい:disclosure:N4}の[原則]{げんそく:principles:N2}（Openness）：データに[関する]{かんする:related to:N3}[方針]{ほうしん:policy:N2}を[公開]{こうかい:disclosure:N4}する。（7）[個人]{こじん:individual:N2}[参加]{さんか:participation:N3}の[原則]{げんそく:principles:N2}（Individual Participation）：[本人]{ほんにん:the person themselves:N5}が[自己]{じこ:self:N1}のデータにアクセス・[訂正]{ていせい:correction:N1}・[削除]{さくじょ:deletion:N1}を[求める]{もとめる:to request:N3}[権利]{けんり:rights:N3}を[持つ]{もつ:to 
have:N4}。（8）[責任]{せきにん:responsibility:N3}の[原則]{げんそく:principles:N2}（Accountability）：データ[管理者]{かんりしゃ:manager:N2}が[上記]{じょうき:the above:N3}[原則]{げんそく:principles:N2}の[遵守]{じゅんしゅ:compliance:N1}に[責任]{せきにん:responsibility:N3}を[負う]{おう:to bear:N3}。\n\n#en\nThe international starting point for personal information protection is the \"Guidelines on the Protection of Privacy and Transborder Flows of Personal Data\" adopted by the Organisation for Economic Co-operation and Development (OECD) in 1980. These guidelines established the following eight principles: (1) Collection Limitation Principle: personal data should be collected by lawful and fair means, with the consent of the data subject. (2) Data Quality Principle: data should be kept accurate, complete, and up-to-date within the scope necessary for the purpose of use. (3) Purpose Specification Principle: the purpose of use should be clarified at the time of collection. (4) Use Limitation Principle: data should not be used for purposes other than those specified. (5) Security Safeguards Principle: reasonable security safeguards should be taken. (6) Openness Principle: policies regarding data should be disclosed. (7) Individual Participation Principle: data subjects have the right to access, correct, and delete their own data. 
(8) Accountability Principle: data controllers bear responsibility for compliance with the above principles.\n::\n\n::callout\n[試験]{しけん:examination:N4}のポイント：OECD8[原則]{げんそく:principles:N2}の[名称]{めいしょう:name:N1}（[日本語]{にほんご:Japanese:N5}・[英語]{えいご:English:N4}[両方]{りょうほう:both:N3}）と[内容]{ないよう:content:N3}を[全て]{すべて:all:N3}[暗記]{あんき:memorization:N3}すること。「[法的]{ほうてき:legal:N3}[拘束力]{こうそくりょく:binding force:N1}はない」が「[各国]{かっこく:each country:N2}の[立法]{りっぽう:legislation:N3}の[基盤]{きばん:foundation:N1}となった」という[位置]{いち:position:N3}づけが[出題]{しゅつだい:exam question:N4}される。また、8[原則]{げんそく:principles:N2}と[日本法]{にほんほう:Japanese law:N3}の[条文]{じょうぶん:article:N1}[対応]{たいおう:correspondence:N1}も[頻出]{ひんしゅつ:frequent:N1}。\n\n#en\nExam Tip: Memorize the names (both Japanese and English) and content of all OECD 8 Principles. The exam tests their status: they \"have no legal binding force\" but \"became the foundation for legislation in each country\". The correspondence between the 8 principles and articles of Japanese law is also frequently tested.\n::\n\n::para\nOECD8[原則]{げんそく:principles:N2}は[法的]{ほうてき:legal:N3}[拘束力]{こうそくりょく:binding force:N1}を[持たない]{もたない:not to have:N4}[勧告]{かんこく:recommendation:N1}であるが、[世界]{せかい:world:N4}[各国]{かっこく:each country:N2}の[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法制]{ほうせい:legal system:N3}の[基盤]{きばん:foundation:N1}となった。[日本]{にほん:Japan:N5}の[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}も、これら8[原則]{げんそく:principles:N2}を[反映]{はんえい:reflection:N3}した[構成]{こうせい:composition:N3}になっている。[例えば]{たとえば:for 
example:N3}、[収集]{しゅうしゅう:collection:N3}[制限]{せいげん:limitation:N3}の[原則]{げんそく:principles:N2}は[法]{ほう:law:N3}[第]{だい:number:N1}17[条]{じょう:article:N1}の[適正]{てきせい:proper:N3}な[取得]{しゅとく:acquisition:N3}、[目的]{もくてき:purpose:N4}[明確化]{めいかくか:clarification:N3}の[原則]{げんそく:principles:N2}は[第]{だい:number:N1}17[条]{じょう:article:N1}[第]{だい:number:N1}1[項]{こう:paragraph:N1}の[利用]{りよう:use:N3}[目的]{もくてき:purpose:N4}の[特定]{とくてい:specification:N3}、[安全]{あんぜん:safety:N3}[保護]{ほご:protection:N1}の[原則]{げんそく:principles:N2}は[第]{だい:number:N1}23[条]{じょう:article:N1}の[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}にそれぞれ[対応]{たいおう:correspondence:N1}している。[試験]{しけん:examination:N4}では「OECD8[原則]{げんそく:principles:N2}のうちどれが[日本法]{にほんほう:Japanese law:N3}のどの[条文]{じょうぶん:article:N1}に[対応]{たいおう:correspondence:N1}するか」が[問われる]{とわれる:to be asked:N4}ことがあるため、8[原則]{げんそく:principles:N2}の[名称]{めいしょう:name:N1}と[内容]{ないよう:content:N3}は[正確]{せいかく:accurate:N3}に[暗記]{あんき:memorization:N3}すべきである。\n\n#en\nThe OECD 8 Principles are a recommendation without legal binding force, but they became the foundation for personal information protection legislation in countries around the world. Japan's Personal Information Protection Act also has a structure reflecting these 8 principles. For example, the Collection Limitation Principle corresponds to proper acquisition under Article 17, the Purpose Specification Principle corresponds to specification of purpose of use under Article 17(1), and the Security Safeguards Principle corresponds to safety management measures under Article 23. 
Because the exam may ask \"which OECD principle corresponds to which article of Japanese law,\" the names and content of all 8 principles should be memorized accurately.\n::\n\n::heading\nEU[指令]{しれい:directive:N2}・GDPRの[影響]{えいきょう:influence:N1}と[日]{にち:Japan:N5}EU[相互]{そうご:mutual:N3}[認証]{にんしょう:authentication:N1}\n\n#en\nThe Influence of the EU Directive and GDPR, and the Japan-EU Mutual Adequacy Decision\n::\n\n::para\n1995[年]{ねん:year:N5}にEU（[欧州]{おうしゅう:Europe:N2}[連合]{れんごう:union:N3}）は「データ[保護]{ほご:protection:N1}[指令]{しれい:directive:N2}」（Directive 95\u002F46\u002FEC）を[採択]{さいたく:adoption:N1}した。この[指令]{しれい:directive:N2}は、[十分]{じゅうぶん:sufficient:N5}な[保護]{ほご:protection:N1}[水準]{すいじゅん:level:N2}を[有さない]{ゆうさない:not to have:N4}[第三国]{だいさんこく:third country:N1}への[個人]{こじん:individual:N2}データの[移転]{いてん:transfer:N2}を[原則]{げんそく:principles:N2}[禁止]{きんし:prohibition:N2}するという[十分性]{じゅうぶんせい:adequacy:N3}[認定]{にんてい:certification:N3}の[仕組み]{しくみ:mechanism:N3}を[導入]{どうにゅう:introduction:N2}し、[各国]{かっこく:each country:N2}に[法]{ほう:law:N3}[整備]{せいび:development:N1}を[促した]{うながした:urged:N1}。2018[年]{ねん:year:N5}にはこれを[発展]{はってん:development:N1}させた「[一般]{いっぱん:general:N2}データ[保護]{ほご:protection:N1}[規則]{きそく:regulation:N2}」（GDPR: General Data Protection Regulation）が[施行]{しこう:enforcement:N1}された。GDPRは[全]{ぜん:all:N3}EU[加盟国]{かめいこく:member state:N1}に[直接]{ちょくせつ:directly:N2}[適用]{てきよう:application:N3}される[規則]{きそく:regulation:N2}であり、[域外]{いきがい:extraterritorial:N2}[適用]{てきよう:application:N3}[条項]{じょうこう:provision:N1}を[持つ]{もつ:to have:N4}ため、EU[域内]{いきない:within the territory:N2}の[個人]{こじん:individual:N2}データを[扱う]{あつかう:to handle:N1}[日本]{にほん:Japan:N5}[企業]{きぎょう:enterprise:N1}にも[影響]{えいきょう:influence:N1}を[及ぼす]{およぼす:to exert:N1}。[違反]{いはん:violation:N3}[時]{じ:time of:N5}の[制裁金]{せいさいきん:penalty:N1}は[最大]{さいだい:maximum:N3}で[全世界]{ぜんせかい:worldwide:N3}[売上高]{うりあげだか:revenue:N4}の4%[又は]{または:or:N1}2,000[万]{まん:ten thousand:N5}ユーロのいずれか[高い]{たかい:higher:N5}[方]{ほう:side:N4}と[規定]{きてい:provision:N3}され、[極めて]{きわめて:extremely:N2}[厳格]{げんかく:strict:N1}である。\n\n#en\nIn 1995, the EU adopted the \"Data Protection 
Directive\" (Directive 95\u002F46\u002FEC). This directive introduced the mechanism of adequacy decisions, which in principle prohibit the transfer of personal data to third countries that do not have a sufficient level of protection, urging countries to develop their legislation. In 2018, the \"General Data Protection Regulation\" (GDPR) came into force as its successor. The GDPR is a regulation directly applicable in all EU member states and has extraterritorial application provisions, meaning it also affects Japanese companies that handle personal data of individuals within the EU. Fines for violations are capped at 4% of worldwide annual revenue or 20 million euros, whichever is higher, making the regime extremely strict.\n::\n\n::para\n2019[年]{ねん:year:N5}1[月]{がつ:month:N5}23[日]{にち:day:N5}、[日本]{にほん:Japan:N5}と[欧州]{おうしゅう:Europe:N2}[連合]{れんごう:union:N3}の[間]{あいだ:between:N5}で[相互]{そうご:mutual:N3}の[十分性]{じゅうぶんせい:adequacy:N3}[認定]{にんてい:certification:N3}（[日]{にち:Japan:N5}EU[相互]{そうご:mutual:N3}[認証]{にんしょう:authentication:N1}）が[発効]{はっこう:taking effect:N2}した。これにより、[日本]{にほん:Japan:N5}はGDPR[第]{だい:number:N1}45[条]{じょう:article:N1}に[基づく]{もとづく:based on:N1}[十分性]{じゅうぶんせい:adequacy:N3}[認定]{にんてい:certification:N3}を[受けた]{うけた:received:N3}[国]{くに:country:N5}の[一つ]{ひとつ:one:N5}となり、EU[域内]{いきない:within the territory:N2}から[日本]{にほん:Japan:N5}への[個人]{こじん:individual:N2}データの[移転]{いてん:transfer:N2}が[原則]{げんそく:principles:N2}として[認められる]{みとめられる:to be recognized:N3}ようになった。[同時に]{どうじに:at the same time:N4}、[日本]{にほん:Japan:N5}の[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}もEUを[個人]{こじん:individual:N2}データの[移転先]{いてんさき:transfer destination:N2}として[認めた]{みとめた:recognized:N3}。ただし、[日本]{にほん:Japan:N5}の[事業者]{じぎょうしゃ:business operator:N4}がEUからデータを[受領]{じゅりょう:receipt:N2}する[際]{さい:occasion:N3}には、「[補完的]{ほかんてき:supplementary:N2}ルール」に[従う]{したがう:to follow:N1}[必要]{ひつよう:necessary:N3}がある。[補完的]{ほかんてき:supplementary:N2}ルールでは、[要配慮]{ようはいりょ:requiring special 
care:N1}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[範囲]{はんい:scope:N1}をGDPRの「[特別]{とくべつ:special:N4}カテゴリーデータ」と[同等]{どうとう:equivalent:N3}に[拡大]{かくだい:expansion:N1}すること、[保有]{ほゆう:possession:N1}[個人]{こじん:individual:N2}データの[保存]{ほぞん:storage:N1}[期間]{きかん:period:N3}の[制限]{せいげん:limitation:N3}を[撤廃]{てっぱい:abolition:N1}すること、[匿名]{とくめい:anonymous:N1}[加工]{かこう:processing:N3}[情報]{じょうほう:information:N3}の[取り扱い]{とりあつかい:handling:N1}に[追加]{ついか:addition:N3}[条件]{じょうけん:condition:N1}を[付す]{ふす:to attach:N3}ことなどが[求められる]{もとめられる:required:N3}。\n\n#en\nOn January 23, 2019, the mutual adequacy decision between Japan and the EU (Japan-EU mutual recognition) took effect. This made Japan one of the countries that received an adequacy decision under Article 45 of the GDPR, allowing the transfer of personal data from within the EU to Japan in principle. At the same time, Japan's Personal Information Protection Commission also recognized the EU as a valid transfer destination for personal data. However, when Japanese business operators receive data from the EU, they must comply with \"Supplementary Rules.\" The Supplementary Rules require expanding the scope of special care-required personal information to be equivalent to GDPR's \"special category data,\" abolishing the retention period limitation for retained personal data, and adding extra conditions for the handling of anonymously processed information.\n::\n\n::callout\n[試験]{しけん:examination:N4}のポイント：[日]{にち:Japan:N5}EU[相互]{そうご:mutual:N3}[認証]{にんしょう:authentication:N1}の[発効]{はっこう:taking effect:N2}[年]{ねん:year:N5}（2019[年]{ねん:year:N5}）を[覚える]{おぼえる:to remember:N3}こと。「[補完的]{ほかんてき:supplementary:N2}ルール」の[存在]{そんざい:existence:N3}と、[十分性]{じゅうぶんせい:adequacy:N3}[認定]{にんてい:certification:N3}＝[個人]{こじん:individual:N2}データの[自由]{じゆう:free:N3}な[移転]{いてん:transfer:N2}が[可能]{かのう:possible:N3}になるという[意味]{いみ:meaning:N4}を[理解]{りかい:understanding:N3}する。GDPRの[制裁金]{せいさいきん:penalty:N1}の[上限]{じょうげん:upper limit:N3}（4%\u002F[又は]{または:or:N1}2,000[万]{まん:ten thousand:N5}ユーロ）も[頻出]{ひんしゅつ:frequent:N1}。\n\n#en\nExam 
Tip: Remember the year the Japan-EU mutual adequacy decision took effect (2019). Understand the existence of \"Supplementary Rules\" and that an adequacy decision means the free transfer of personal data becomes possible. The GDPR penalty cap (4% of worldwide annual revenue or 20 million euros, whichever is higher) is also frequently tested.\n::\n\n::heading\n[日本]{にほん:Japan:N5}の[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法制]{ほうせい:legal system:N3}の[変遷]{へんせん:transition:N1}\n\n#en\nThe Evolution of Japan's Personal Information Protection Legal System\n::\n\n::para\n[日本]{にほん:Japan:N5}の[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法制]{ほうせい:legal system:N3}は、[段階的]{だんかいてき:gradual:N2}に[発展]{はってん:development:N1}してきた。1988[年]{ねん:year:N5}、[行政]{ぎょうせい:administration:N3}[機関]{きかん:institution:N3}を[対象]{たいしょう:target:N2}に「[行政]{ぎょうせい:administration:N3}[機関]{きかん:institution:N3}の[保有]{ほゆう:possession:N1}する[電子]{でんし:electronic:N5}[計算]{けいさん:calculation:N2}[機]{き:machine:N3}[処理]{しょり:processing:N3}に[係る]{かかる:pertaining to:N3}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[保護]{ほご:protection:N1}に[関する]{かんする:related to:N3}[法律]{ほうりつ:law:N2}」が[制定]{せいてい:enactment:N3}された。これは[行政]{ぎょうせい:administration:N3}[機関]{きかん:institution:N3}がコンピュータで[処理]{しょり:processing:N3}する[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}のみを[対象]{たいしょう:target:N2}とし、[民間]{みんかん:private sector:N3}[事業者]{じぎょうしゃ:business operator:N4}は[含まれ]{ふくまれ:to be included:N2}なかった。2003[年]{ねん:year:N5}に[成立]{せいりつ:establishment:N3}した[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}（2005[年]{ねん:year:N5}[全面]{ぜんめん:full:N3}[施行]{しこう:enforcement:N1}）は、[民間]{みんかん:private sector:N3}[事業者]{じぎょうしゃ:business operator:N4}を[含む]{ふくむ:to include:N2}[包括的]{ほうかつてき:comprehensive:N1}な[法律]{ほうりつ:law:N2}であり、[基本]{きほん:basic:N1}[理念]{りねん:principle:N3}（[第]{だい:number:N1}1[章]{しょう:chapter:N2}）と[民間]{みんかん:private sector:N3}[事業者]{じぎょうしゃ:business 
operator:N4}の[義務]{ぎむ:obligation:N1}（[第]{だい:number:N1}4[章]{しょう:chapter:N2}）を[定めた]{さだめた:established:N3}。ただし、[当初]{とうしょ:initially:N3}は「5,000[件]{けん:cases:N3}[要件]{ようけん:requirements:N3}」があり、[取り扱う]{とりあつかう:to handle:N1}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}が5,000[件]{けん:cases:N3}[以下]{いか:below:N4}の[小規模]{しょうきぼ:small-scale:N1}[事業者]{じぎょうしゃ:business operator:N4}は[適用]{てきよう:application:N3}[除外]{じょがい:exclusion:N3}であった。\n\n#en\nJapan's personal information protection legal system has developed in stages. In 1988, the \"Act on the Protection of Personal Information Held by Administrative Organs in Computer Processing\" was enacted targeting administrative organs. This covered only personal information processed by computers at administrative organs and did not include private-sector business operators. The Personal Information Protection Act enacted in 2003 (fully enforced in 2005) was a comprehensive law covering private-sector business operators, establishing basic principles (Chapter 1) and obligations of private-sector business operators (Chapter 4). 
However, initially there was a \"5,000 record requirement,\" and small-scale business operators handling 5,000 or fewer personal information records were excluded from application.\n::\n\n::para\n2015[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}（2017[年]{ねん:year:N5}[全面]{ぜんめん:full:N3}[施行]{しこう:enforcement:N1}）は[大幅]{おおはば:significant:N2}な[見直し]{みなおし:review:N3}であった。[主な]{おもな:main:N4}[改正]{かいせい:amendment:N2}[点]{てん:point:N3}は[以下]{いか:the following:N4}の[通り]{とおり:as follows:N4}である。[第]{だい:number:N1}1に、[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}の[設置]{せっち:establishment:N2}である。[従来]{じゅうらい:previously:N1}は[各]{かく:each:N2}[省庁]{しょうちょう:ministry:N2}が[所管]{しょかん:jurisdiction:N2}[業界]{ぎょうかい:industry:N4}を[監督]{かんとく:supervision:N1}する「[共管]{きょうかん:joint jurisdiction:N2}」[体制]{たいせい:system:N3}であったが、[独立]{どくりつ:independent:N1}した[監督]{かんとく:supervision:N1}[機関]{きかん:institution:N3}に[一元化]{いちげんか:unification:N3}された。[第]{だい:number:N1}2に、「[要配慮]{ようはいりょ:requiring special care:N1}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}」の[新設]{しんせつ:newly established:N2}である。[人種]{じんしゅ:race:N3}、[信条]{しんじょう:creed:N1}、[社会的]{しゃかいてき:social:N4}[身分]{みぶん:status:N4}、[病歴]{びょうれき:medical history:N2}、[犯罪]{はんざい:crime:N3}の[経歴]{けいれき:record:N2}、[犯罪]{はんざい:crime:N3}[被害]{ひがい:damage:N2}[情報]{じょうほう:information:N3}などがこれに[該当]{がいとう:applicable:N1}し、[取得]{しゅとく:acquisition:N3}に[原則]{げんそく:principles:N2}として[本人]{ほんにん:the person themselves:N5}の[同意]{どうい:consent:N4}が[必要]{ひつよう:necessary:N3}となった。[第]{だい:number:N1}3に、「[匿名]{とくめい:anonymous:N1}[加工]{かこう:processing:N3}[情報]{じょうほう:information:N3}」の[制度]{せいど:system:N3}[創設]{そうせつ:creation:N1}である。[第]{だい:number:N1}4に、5,000[件]{けん:cases:N3}[要件]{ようけん:requirements:N3}の[撤廃]{てっぱい:abolition:N1}により、[全て]{すべて:all:N3}の[事業者]{じぎょうしゃ:business 
operator:N4}が[法]{ほう:law:N3}の[適用]{てきよう:application:N3}[対象]{たいしょう:target:N2}となった。[第]{だい:number:N1}5に、[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[定義]{ていぎ:definition:N1}が[明確化]{めいかくか:clarification:N3}され、「[個人]{こじん:individual:N2}[識別]{しきべつ:identification:N3}[符号]{ふごう:code:N2}」が[新設]{しんせつ:newly established:N2}された。\n\n#en\nThe 2015 amendment (fully enforced in 2017) was a major overhaul. The main amendments were as follows. First, the establishment of the Personal Information Protection Commission. Previously, each ministry supervised its jurisdictional industry under a \"joint jurisdiction\" system, but this was unified into an independent supervisory authority. Second, the creation of \"special care-required personal information.\" This includes race, creed, social status, medical history, criminal record, and crime victimization information, and obtaining such data now in principle requires the consent of the individual. Third, the creation of the \"anonymously processed information\" system. Fourth, the abolition of the 5,000-record requirement made all business operators subject to the law. 
Fifth, the definition of personal information was clarified, and \"personal identification codes\" were newly established.\n::\n\n::para\n2020[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}（2022[年]{ねん:year:N5}4[月]{がつ:month:N5}[施行]{しこう:enforcement:N1}）では、[個人]{こじん:individual:N2}の[権利]{けんり:rights:N3}がさらに[強化]{きょうか:strengthening:N3}された。[利用]{りよう:use:N3}[停止]{ていし:suspension:N2}・[消去]{しょうきょ:deletion:N3}[請求権]{せいきゅうけん:right to demand:N1}の[要件]{ようけん:requirements:N3}が[緩和]{かんわ:relaxation:N1}され、[従来]{じゅうらい:previously:N1}は「[目的外]{もくてきがい:beyond the purpose:N4}[利用]{りよう:use:N3}」や「[不正]{ふせい:unauthorized:N4}[取得]{しゅとく:acquisition:N3}」の[場合]{ばあい:case:N3}に[限定]{げんてい:limitation:N3}されていたが、「[本人]{ほんにん:the person themselves:N5}の[権利]{けんり:rights:N3}[又は]{または:or:N1}[正当]{せいとう:legitimate:N3}な[利益]{りえき:interest:N1}が[害される]{がいされる:to be harmed:N3}おそれがある[場合]{ばあい:case:N3}」にも[認められる]{みとめられる:to be recognized:N3}ようになった。また、「[仮名]{かめい:pseudonymous:N1}[加工]{かこう:processing:N3}[情報]{じょうほう:information:N3}」が[創設]{そうせつ:creation:N1}され、[匿名]{とくめい:anonymous:N1}[加工]{かこう:processing:N3}[情報]{じょうほう:information:N3}よりも[加工]{かこう:processing:N3}の[程度]{ていど:degree:N3}が[低い]{ひくい:low:N2}が、[内部]{ないぶ:internal:N3}[分析]{ぶんせき:analysis:N1}[用途]{ようと:use, application:N3}に[限り]{かぎり:limited to:N3}[利用]{りよう:use:N3}できるカテゴリーとして[導入]{どうにゅう:introduction:N2}された。[漏えい]{ろうえい:leakage:N1}[報告]{ほうこく:report:N3}が[義務化]{ぎむか:making obligatory:N1}され、[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}への[報告]{ほうこく:report:N3}と[本人]{ほんにん:the person themselves:N5}への[通知]{つうち:notification:N4}が[必要]{ひつよう:necessary:N3}となった（[要配慮]{ようはいりょ:requiring special care:N1}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[漏えい]{ろうえい:leakage:N1}、1,000[件]{けん:cases:N3}[超]{ちょう:exceeding:N2}の[漏えい]{ろうえい:leakage:N1}など[一定]{いってい:fixed:N3}の[場合]{ばあい:case:N3}）。さらに、[法]{ほう:law:N3}[定]{てい:stipulated:N3}[刑]{けい:penalty:N1}の[引き上げ]{ひきあげ:raising:N3}（[法人]{ほうじん:corporation:N3}に[対する]{たいする:against:N3}[罰金]{ばっきん:fine:N1}[最大]{さいだい:maximum:N3}1[億]{おく:hundred 
million:N2}[円]{えん:yen:N5}）も[行われた]{おこなわれた:was carried out:N5}。\n\n#en\nThe 2020 amendment (enforced April 2022) further strengthened individual rights. The requirements for the right to request suspension of use and deletion were relaxed—previously limited to cases of \"use beyond the purpose\" or \"improper acquisition,\" they now also apply when \"the rights or legitimate interests of the individual are likely to be harmed.\" Additionally, \"pseudonymously processed information\" was created—a category with a lower degree of processing than anonymously processed information, introduced for use limited to internal analysis. Breach reporting was made mandatory, requiring reporting to the Personal Information Protection Commission and notification to the individual (in certain cases such as leakage of special care-required personal information or leakage exceeding 1,000 records). Furthermore, statutory penalties were raised (maximum fine of 100 million yen for corporations).\n::\n\n::para\n2021[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}（2022[年]{ねん:year:N5}4[月]{がつ:month:N5}[施行]{しこう:enforcement:N1}）は「[三法]{さんぽう:three laws:N3}[統合]{とうごう:integration:N1}」と[呼ばれ]{よばれ:called:N3}、[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法制]{ほうせい:legal system:N3}の[一元化]{いちげんか:unification:N3}を[実現]{じつげん:realization:N3}した。[従来]{じゅうらい:previously:N1}は（1）[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}（[民間]{みんかん:private 
sector:N3}）、（2）[行政]{ぎょうせい:administration:N3}[機関]{きかん:institution:N3}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}、（3）[独立]{どくりつ:independent:N1}[行政]{ぎょうせい:administration:N3}[法人]{ほうじん:corporation:N3}[等]{とう:etc.:N3}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}の3つの[法律]{ほうりつ:law:N2}が[並立]{へいりつ:coexistence:N2}していたが、これらが[一本]{いっぽん:single:N5}の[法律]{ほうりつ:law:N2}に[統合]{とうごう:integration:N1}された。[地方]{ちほう:local:N4}[公共]{こうきょう:public:N3}[団体]{だんたい:organization:N2}（[自治体]{じちたい:municipality:N3}）も[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}の[適用]{てきよう:application:N3}[対象]{たいしょう:target:N2}に[含まれる]{ふくまれる:to be included:N2}ことになり、[全国]{ぜんこく:nationwide:N3}[統一]{とういつ:unification:N1}の[規律]{きりつ:discipline:N2}が[適用]{てきよう:application:N3}されるようになった（2023[年]{ねん:year:N5}4[月]{がつ:month:N5}[施行]{しこう:enforcement:N1}）。\n\n#en\nThe 2021 amendment (enforced April 2022) is called the \"Three-Law Integration\" and achieved the unification of the personal information protection legal system. Previously, three separate laws coexisted: (1) the Personal Information Protection Act (private sector), (2) the Administrative Organs Personal Information Protection Act, and (3) the Incorporated Administrative Agencies Personal Information Protection Act. These were integrated into a single law. 
Local public entities (municipalities) were also brought under the Personal Information Protection Act, and nationwide uniform rules became applicable (enforced April 2023).\n::\n\n::callout\n[試験]{しけん:examination:N4}のポイント：[各]{かく:each:N2}[改正]{かいせい:amendment:N2}[年]{ねん:year:N5}と[施行]{しこう:enforcement:N1}[年]{ねん:year:N5}の[区別]{くべつ:distinction:N2}に[注意]{ちゅうい:caution:N4}。2015[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}→2017[年]{ねん:year:N5}[施行]{しこう:enforcement:N1}、2020[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}→2022[年]{ねん:year:N5}4[月]{がつ:month:N5}[施行]{しこう:enforcement:N1}、2021[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}（[三法]{さんぽう:three laws:N3}[統合]{とうごう:integration:N1}）→2022[年]{ねん:year:N5}4[月]{がつ:month:N5}[施行]{しこう:enforcement:N1}（[自治体]{じちたい:municipality:N3}は2023[年]{ねん:year:N5}4[月]{がつ:month:N5}）。「5,000[件]{けん:cases:N3}[要件]{ようけん:requirements:N3}の[撤廃]{てっぱい:abolition:N1}」は2015[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}。「[漏えい]{ろうえい:leakage:N1}[報告]{ほうこく:report:N3}の[義務化]{ぎむか:making obligatory:N1}」は2020[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}。「[三法]{さんぽう:three laws:N3}[統合]{とうごう:integration:N1}」は2021[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}。どの[改正]{かいせい:amendment:N2}でどの[制度]{せいど:system:N3}が[導入]{どうにゅう:introduction:N2}されたか[整理]{せいり:organization:N1}しておくこと。\n\n#en\nExam Tip: Be careful to distinguish between amendment years and enforcement years. 2015 amendment → 2017 enforcement, 2020 amendment → April 2022 enforcement, 2021 amendment (three-law integration) → April 2022 enforcement (municipalities April 2023). \"Abolition of the 5,000-record requirement\" was the 2015 amendment. \"Mandatory breach reporting\" was the 2020 amendment. \"Three-law integration\" was the 2021 amendment. 
Organize which system was introduced by which amendment.\n::\n\n::heading\n[現行法]{げんこうほう:current law:N3}の[構造]{こうぞう:structure:N2}：[本則]{ほんそく:main provisions:N2}・[政令]{せいれい:government ordinance:N2}・[規則]{きそく:rules:N2}・ガイドライン\n\n#en\nThe Structure of the Current Law: Main Provisions, Cabinet Order, Rules, and Guidelines\n::\n\n::para\n[現行]{げんこう:current:N3}の[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}は[本則]{ほんそく:main provisions:N2}と[附則]{ふそく:supplementary provisions:N1}で[構成]{こうせい:composition:N3}される。[本則]{ほんそく:main provisions:N2}は[第]{だい:number:N1}1[章]{しょう:chapter:N2}「[総則]{そうそく:general provisions:N2}」（[目的]{もくてき:purpose:N4}・[定義]{ていぎ:definition:N1}）、[第]{だい:number:N1}2[章]{しょう:chapter:N2}「[国]{くに:country:N5}[及び]{および:and:N1}[地方]{ちほう:local:N4}[公共]{こうきょう:public:N3}[団体]{だんたい:organization:N2}の[責務]{せきむ:duty:N3}[等]{とう:etc.:N3}」、[第]{だい:number:N1}3[章]{しょう:chapter:N2}「[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[保護]{ほご:protection:N1}に[関する]{かんする:related to:N3}[施策]{しさく:measure:N1}」、[第]{だい:number:N1}4[章]{しょう:chapter:N2}「[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[取扱]{とりあつかい:handling:N1}[事業者]{じぎょうしゃ:business operator:N4}[等]{とう:etc.:N3}の[義務]{ぎむ:obligation:N1}[等]{とう:etc.:N3}」（[最]{もっと:most:N3}も[試験]{しけん:examination:N4}に[出る]{でる:to appear:N5}[章]{しょう:chapter:N2}）、[第]{だい:number:N1}5[章]{しょう:chapter:N2}「[行政]{ぎょうせい:administration:N3}[機関]{きかん:institution:N3}[等]{とう:etc.:N3}の[義務]{ぎむ:obligation:N1}[等]{とう:etc.:N3}」、[第]{だい:number:N1}6[章]{しょう:chapter:N2}「[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}」、[第]{だい:number:N1}7[章]{しょう:chapter:N2}「[雑則]{ざっそく:miscellaneous provisions:N2}」、[第]{だい:number:N1}8[章]{しょう:chapter:N2}「[罰則]{ばっそく:penal provisions:N1}」で[構成]{こうせい:composition:N3}される。[法]{ほう:law:N3}の[下位]{かい:lower:N3}[規範]{きはん:norm:N1}として、[政令]{せいれい:government ordinance:N2}（[施行令]{しこうれい:enforcement order:N1}）は[法律]{ほうりつ:law:N2}の[委任]{いにん:delegation:N2}に[基づき]{もとづき:based 
on:N1}[内閣]{ないかく:cabinet:N1}が[制定]{せいてい:enactment:N3}し、[施行]{しこう:enforcement:N1}[規則]{きそく:rules:N2}は[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}が[定める]{さだめる:to determine:N3}。さらにその[下]{した:below:N5}にガイドラインが[位置]{いち:position:N3}づけられ、[実務]{じつむ:practical work:N3}[上]{じょう:in terms of:N5}の[詳細]{しょうさい:details:N1}な[解釈]{かいしゃく:interpretation:N1}を[提供]{ていきょう:provision:N1}する。\n\n#en\nThe current Personal Information Protection Act consists of main provisions and supplementary provisions. The main provisions are structured as follows: Chapter 1 \"General Provisions\" (purpose and definitions), Chapter 2 \"Responsibilities of the National and Local Public Entities,\" Chapter 3 \"Measures Related to Personal Information Protection,\" Chapter 4 \"Obligations of Personal Information Handling Business Operators\" (the chapter most tested on the exam), Chapter 5 \"Obligations of Administrative Organs,\" Chapter 6 \"Personal Information Protection Commission,\" Chapter 7 \"Miscellaneous Provisions,\" and Chapter 8 \"Penal Provisions.\" As subordinate norms below the law, the Cabinet Order (Enforcement Order) is enacted by the Cabinet based on delegation from the law, and the Enforcement Rules are determined by the Personal Information Protection Commission. 
Guidelines are positioned further below, providing detailed practical interpretations.\n::\n\n::heading\n[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}の[組織]{そしき:organization:N1}と[権限]{けんげん:authority:N3}\n\n#en\nThe Organization and Powers of the Personal Information Protection Commission\n::\n\n::para\n[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}は、2016[年]{ねん:year:N5}1[月]{がつ:month:N5}に[発足]{ほっそく:inauguration:N4}した、[内閣府]{ないかくふ:Cabinet Office:N1}の[外局]{がいきょく:external bureau:N3}たる[独立]{どくりつ:independent:N1}[行政]{ぎょうせい:administration:N3}[委員会]{いいんかい:commission:N2}（いわゆる「[三条]{さんじょう:Article 3:N1}[委員会]{いいんかい:commission:N2}」）である。[委員長]{いいんちょう:chairperson:N2}1[名]{めい:person:N5}と[委員]{いいん:member:N2}8[名]{めい:person:N5}の[計]{けい:total:N4}9[名]{めい:person:N5}で[構成]{こうせい:composition:N3}され、[委員長]{いいんちょう:chairperson:N2}・[委員]{いいん:member:N2}は[両議院]{りょうぎいん:both houses:N3}の[同意]{どうい:consent:N4}を[得て]{えて:to obtain:N3}[内閣]{ないかく:cabinet:N1}[総理]{そうり:prime minister:N2}[大臣]{だいじん:minister:N2}が[任命]{にんめい:appointment:N3}する。[任期]{にんき:term of office:N3}は5[年]{ねん:year:N5}である。[独立性]{どくりつせい:independence:N1}が[極めて]{きわめて:extremely:N2}[重視]{じゅうし:emphasis:N1}され、[職権]{しょっけん:authority:N3}[行使]{こうし:exercise:N4}の[独立性]{どくりつせい:independence:N1}が[法律]{ほうりつ:law:N2}で[保障]{ほしょう:guarantee:N1}されている。[主な]{おもな:main:N4}[権限]{けんげん:authority:N3}は：（1）[報告]{ほうこく:report:N3}[徴収]{ちょうしゅう:collection:N1}・[立入]{たちいり:on-site:N4}[検査]{けんさ:inspection:N1}（[第]{だい:number:N1}143[条]{じょう:article:N1}）、（2）[指導]{しどう:guidance:N2}・[助言]{じょげん:advice:N3}（[第]{だい:number:N1}144[条]{じょう:article:N1}）、（3）[勧告]{かんこく:recommendation:N1}（[第]{だい:number:N1}145[条]{じょう:article:N1}）、（4）[命令]{めいれい:order:N2}（[第]{だい:number:N1}145[条]{じょう:article:N1}）である。[命令]{めいれい:order:N2}[違反]{いはん:violation:N3}には[刑事]{けいじ:criminal:N1}[罰]{ばつ:punishment:N1}が[科される]{かされる:to be imposed:N3}。\n\n#en\nThe Personal Information Protection Commission is an independent administrative commission (a so-called \"Article 3 
Commission\"), an external bureau of the Cabinet Office, inaugurated in January 2016. It is composed of a total of 9 persons: 1 chairperson and 8 members. The chairperson and members are appointed by the Prime Minister with the consent of both houses of the Diet. The term of office is 5 years. Independence is extremely emphasized, and independence in the exercise of authority is guaranteed by law. Main powers include: (1) collection of reports and on-site inspections (Article 143), (2) guidance and advice (Article 144), (3) recommendations (Article 145), and (4) orders (Article 145). Violations of orders are subject to criminal penalties.\n::\n\n::callout\n[試験]{しけん:examination:N4}のポイント：[委員会]{いいんかい:commission:N2}の[構成]{こうせい:composition:N3}（[委員長]{いいんちょう:chairperson:N2}1[名]{めい:person:N5}＋[委員]{いいん:member:N2}8[名]{めい:person:N5}＝[計]{けい:total:N4}9[名]{めい:person:N5}）、[発足]{ほっそく:inauguration:N4}[年]{ねん:year:N5}（2016[年]{ねん:year:N5}1[月]{がつ:month:N5}）、[権限]{けんげん:authority:N3}の[段階]{だんかい:stage:N2}（[報告]{ほうこく:report:N3}[徴収]{ちょうしゅう:collection:N1}→[指導]{しどう:guidance:N2}・[助言]{じょげん:advice:N3}→[勧告]{かんこく:recommendation:N1}→[命令]{めいれい:order:N2}）を[正確]{せいかく:accurate:N3}に[覚える]{おぼえる:to remember:N3}こと。「[三条]{さんじょう:Article 3:N1}[委員会]{いいんかい:commission:N2}」という[性格]{せいかく:character:N3}（[独立性]{どくりつせい:independence:N1}が[高い]{たかい:high:N5}）も[出題]{しゅつだい:exam question:N4}される。\n\n#en\nExam Tip: Accurately memorize the Commission's composition (1 chairperson + 8 members = 9 total), year of inauguration (January 2016), and the graduated levels of authority (collection of reports → guidance and advice → recommendations → orders). 
The character of an \"Article 3 Commission\" (high independence) is also tested.\n::\n\n::heading\n4つのガイドラインの[体系]{たいけい:system:N1}\n\n#en\nThe System of Four Guidelines\n::\n\n::para\n[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}は4つのガイドラインを[公表]{こうひょう:publication:N3}している。（1）「[通則]{つうそく:general rules:N2}[編]{へん:volume:N2}」：[法]{ほう:law:N3}[全体]{ぜんたい:whole:N3}の[基本的]{きほんてき:fundamental:N1}な[解釈]{かいしゃく:interpretation:N1}を[示す]{しめす:to indicate:N3}。[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[定義]{ていぎ:definition:N1}、[利用]{りよう:use:N3}[目的]{もくてき:purpose:N4}の[特定]{とくてい:specification:N3}、[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}、[第三者]{だいさんしゃ:third party:N1}[提供]{ていきょう:provision:N1}、[開示]{かいじ:disclosure:N3}[請求]{せいきゅう:request:N1}[等]{とう:etc.:N3}を[網羅的]{もうらてき:comprehensive:N1}に[解説]{かいせつ:explanation:N3}する。（2）「[外国]{がいこく:foreign:N5}にある[第三者]{だいさんしゃ:third party:N1}への[提供]{ていきょう:provision:N1}[編]{へん:volume:N2}」：[法]{ほう:law:N3}[第]{だい:number:N1}28[条]{じょう:article:N1}に[基づく]{もとづく:based on:N1}[外国]{がいこく:foreign:N5}への[個人]{こじん:individual:N2}データ[移転]{いてん:transfer:N2}の[要件]{ようけん:requirements:N3}を[規定]{きてい:provision:N3}する。[本人]{ほんにん:the person themselves:N5}の[同意]{どうい:consent:N4}、[基準]{きじゅん:standard:N1}に[適合]{てきごう:conformity:N3}する[体制]{たいせい:system:N3}の[整備]{せいび:development:N1}、[又は]{または:or:N1}[日本]{にほん:Japan:N5}と[同等]{どうとう:equivalent:N3}の[保護]{ほご:protection:N1}[水準]{すいじゅん:level:N2}の[国]{くに:country:N5}への[移転]{いてん:transfer:N2}が[要件]{ようけん:requirements:N3}となる。（3）「[第三者]{だいさんしゃ:third party:N1}[提供]{ていきょう:provision:N1}[時]{じ:time of:N5}の[確認]{かくにん:confirmation:N3}・[記録]{きろく:record:N2}[義務]{ぎむ:obligation:N1}[編]{へん:volume:N2}」：[提供]{ていきょう:provision:N1}[元]{もと:source:N4}・[提供]{ていきょう:provision:N1}[先]{さき:destination:N5}の[双方]{そうほう:both sides:N2}が[記録]{きろく:record:N2}を[作成]{さくせい:creation:N3}・[保存]{ほぞん:storage:N1}する[義務]{ぎむ:obligation:N1}を[詳述]{しょうじゅつ:detailed description:N1}する。[名簿屋]{めいぼや:name list 
broker:N1}[対策]{たいさく:countermeasure:N1}として2015[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}で[導入]{どうにゅう:introduction:N2}された。（4）「[仮名]{かめい:pseudonymous:N1}[加工]{かこう:processing:N3}[情報]{じょうほう:information:N3}・[匿名]{とくめい:anonymous:N1}[加工]{かこう:processing:N3}[情報]{じょうほう:information:N3}[編]{へん:volume:N2}」：[加工]{かこう:processing:N3}の[基準]{きじゅん:standard:N1}、[取り扱い]{とりあつかい:handling:N1}ルール、[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}などを[定める]{さだめる:to determine:N3}。[試験]{しけん:examination:N4}では4つのガイドラインの[名称]{めいしょう:name:N1}と[対象]{たいしょう:subject:N2}[範囲]{はんい:scope:N1}が[問われる]{とわれる:to be asked:N4}ため、[正確]{せいかく:accurate:N3}に[区別]{くべつ:distinction:N2}できるようにしておくこと。\n\n#en\nThe Personal Information Protection Commission publishes four guidelines. (1) \"General Rules Edition\": provides the basic interpretation of the entire law. It comprehensively explains the definition of personal information, specification of purpose of use, safety management measures, third-party provision, disclosure requests, etc. (2) \"Provision to Third Parties in Foreign Countries Edition\": stipulates the requirements for transferring personal data to foreign countries based on Article 28 of the law. Requirements include the consent of the individual, establishing a system conforming to standards, or transfer to a country with an equivalent level of protection to Japan. (3) \"Confirmation and Record Obligations at the Time of Third-Party Provision Edition\": details the obligation for both the provider and recipient to create and retain records. This was introduced in the 2015 amendment as a countermeasure against name list brokers. (4) \"Pseudonymously Processed Information and Anonymously Processed Information Edition\": determines processing standards, handling rules, and safety management measures. 
Since the exam tests the names and scope of all four guidelines, be sure you can distinguish them accurately.\n::\n\n::heading\n[関連]{かんれん:related:N3}[法]{ほう:law:N3}の[詳細]{しょうさい:details:N1}：マイナンバー[法]{ほう:law:N3}・[不正]{ふせい:unauthorized:N4}アクセス[禁止]{きんし:prohibition:N2}[法]{ほう:law:N3}・[不正]{ふせい:unfair:N4}[競争]{きょうそう:competition:N2}[防止]{ぼうし:prevention:N2}[法]{ほう:law:N3}[等]{とう:etc.:N3}\n\n#en\nDetails of Related Laws: My Number Act, Unauthorized Access Prohibition Act, Unfair Competition Prevention Act, etc.\n::\n\n::para\nマイナンバー[法]{ほう:law:N3}（「[行政]{ぎょうせい:administration:N3}[手続]{てつづき:procedure:N3}における[特定]{とくてい:specific:N3}の[個人]{こじん:individual:N2}を[識別]{しきべつ:identification:N3}するための[番号]{ばんごう:number:N3}の[利用]{りよう:use:N3}[等]{とう:etc.:N3}に[関する]{かんする:related to:N3}[法律]{ほうりつ:law:N2}」）は、[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}の[特別法]{とくべつほう:special law:N3}に[位置]{いち:position:N3}づけられる。[特定]{とくてい:specific:N3}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}（マイナンバーを[含む]{ふくむ:to include:N2}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}）の[取り扱い]{とりあつかい:handling:N1}には、[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}よりも[厳格]{げんかく:strict:N1}な[制限]{せいげん:limitation:N3}がある。マイナンバーの[利用]{りよう:use:N3}[範囲]{はんい:scope:N1}は[社会]{しゃかい:society:N4}[保障]{ほしょう:security:N1}・[税]{ぜい:tax:N2}・[災害]{さいがい:disaster:N1}[対策]{たいさく:countermeasure:N1}の3[分野]{ぶんや:field:N4}に[法定]{ほうてい:legal:N3}されており、[目的外]{もくてきがい:beyond the purpose:N4}[利用]{りよう:use:N3}は[原則]{げんそく:principles:N2}[禁止]{きんし:prohibition:N2}である。[特定]{とくてい:specific:N3}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[提供]{ていきょう:provision:N1}も[情報]{じょうほう:information:N3}[提供]{ていきょう:provision:N1}ネットワークシステムを[通じた]{つうじた:through:N4}[場合]{ばあい:case:N3}[等]{とう:etc.:N3}に[限定]{げんてい:limitation:N3}される。[違反]{いはん:violation:N3}には[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}よりも[重い]{おもい:heavy:N4}[罰則]{ばっそく:penal provisions:N1}が[科される]{かされる:to be 
imposed:N3}（[最大]{さいだい:maximum:N3}4[年]{ねん:year:N5}[以下]{いか:below:N4}の[懲役]{ちょうえき:imprisonment:N1}[又は]{または:or:N1}200[万]{まん:ten thousand:N5}[円]{えん:yen:N5}[以下]{いか:below:N4}の[罰金]{ばっきん:fine:N1}）。\n\n#en\nThe My Number Act (\"Act on the Use of Numbers to Identify Specific Individuals in Administrative Procedures\") is positioned as a special law to the Personal Information Protection Act. The handling of specific personal information (personal information containing My Number) is subject to stricter limitations than the Personal Information Protection Act. The scope of My Number use is legally limited to three fields: social security, taxation, and disaster countermeasures, and use beyond the purpose is prohibited in principle. Provision of specific personal information is also limited to cases through the Information Provision Network System. Violations are subject to heavier penalties than the Personal Information Protection Act (maximum imprisonment of up to 4 years or a fine of up to 2 million yen).\n::\n\n::para\nその[他]{ほか:other:N3}の[関連]{かんれん:related:N3}[法]{ほう:law:N3}も[試験]{しけん:examination:N4}で[頻出]{ひんしゅつ:frequent:N1}である。「[不正]{ふせい:unauthorized:N4}アクセス[禁止]{きんし:prohibition:N2}[法]{ほう:law:N3}」は、[他人]{たにん:another person:N3}の[識別]{しきべつ:identification:N3}[符号]{ふごう:code:N2}（ID・パスワード）を[用いた]{もちいた:to use:N4}[不正]{ふせい:unauthorized:N4}[行為]{こうい:act:N1}やセキュリティホールを[攻撃]{こうげき:attack:N1}する[行為]{こうい:act:N1}を[禁止]{きんし:prohibition:N2}する。[注意]{ちゅうい:caution:N4}すべきは、[不正]{ふせい:unauthorized:N4}アクセス[禁止]{きんし:prohibition:N2}[法]{ほう:law:N3}はアクセス[制御]{せいぎょ:control:N3}[機能]{きのう:function:N3}を[有する]{ゆうする:to have:N4}コンピュータに[対する]{たいする:against:N3}[不正]{ふせい:unauthorized:N4}アクセスのみを[対象]{たいしょう:target:N2}とし、アクセス[制御]{せいぎょ:control:N3}[機能]{きのう:function:N3}のないコンピュータは[対象外]{たいしょうがい:outside the scope:N2}である[点]{てん:point:N3}だ。「[不正]{ふせい:unfair:N4}[競争]{きょうそう:competition:N2}[防止]{ぼうし:prevention:N2}[法]{ほう:law:N3}」は[営業]{えいぎょう:business:N2}[秘密]{ひみつ:secret:N1}の[保護]{ほご:protection:N1}を[定める]{さだめる:to 
determine:N3}。[営業]{えいぎょう:business:N2}[秘密]{ひみつ:secret:N1}の3[要件]{ようけん:requirements:N3}は[極めて]{きわめて:extremely:N2}[重要]{じゅうよう:important:N3}で、（ア）[秘密]{ひみつ:secret:N1}[管理性]{かんりせい:manageability:N2}（[秘密]{ひみつ:secret:N1}として[管理]{かんり:management:N2}されていること）、（イ）[有用性]{ゆうようせい:usefulness:N3}（[事業]{じぎょう:business:N4}[活動]{かつどう:activity:N3}に[有用]{ゆうよう:useful:N4}であること）、（ウ）[非]{ひ:non-:N3}[公知性]{こうちせい:public knowledge:N3}（[公然]{こうぜん:publicly:N3}と[知られて]{しられて:to be known:N4}いないこと）の3つを[全て]{すべて:all:N3}[満たす]{みたす:to satisfy:N3}[必要]{ひつよう:necessary:N3}がある。\n\n#en\nOther related laws are also frequently tested on the exam. The \"Unauthorized Access Prohibition Act\" prohibits unauthorized acts using another person's identification codes (ID and password) and attacks exploiting security holes. An important point to note is that the Unauthorized Access Prohibition Act only covers unauthorized access to computers that have access control functions—computers without access control functions are outside its scope. The \"Unfair Competition Prevention Act\" provides for the protection of trade secrets. 
The three requirements for trade secrets are extremely important: (a) secrecy management (being managed as a secret), (b) usefulness (being useful for business activities), and (c) non-public knowledge (not being publicly known)—all three must be satisfied.\n::\n\n::para\n「[電気]{でんき:electric:N5}[通信]{つうしん:communication:N3}[事業法]{じぎょうほう:business act:N3}」は[通信]{つうしん:communication:N3}の[秘密]{ひみつ:secret:N1}の[保護]{ほご:protection:N1}を[定める]{さだめる:to determine:N3}[重要]{じゅうよう:important:N3}な[法律]{ほうりつ:law:N2}である。[第]{だい:number:N1}4[条]{じょう:article:N1}で[通信]{つうしん:communication:N3}の[秘密]{ひみつ:secret:N1}を[侵して]{おかして:to violate:N1}はならないと[規定]{きてい:provision:N3}し、[違反]{いはん:violation:N3}には[懲役]{ちょうえき:imprisonment:N1}[又は]{または:or:N1}[罰金]{ばっきん:fine:N1}が[科される]{かされる:to be imposed:N3}。2022[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}では、[利用者]{りようしゃ:user:N3}[情報]{じょうほう:information:N3}の[外部]{がいぶ:external:N3}[送信]{そうしん:transmission:N3}に[関する]{かんする:related to:N3}[規律]{きりつ:discipline:N2}（いわゆる「Cookie[規制]{きせい:regulation:N3}」）が[追加]{ついか:addition:N3}された。「[刑法]{けいほう:criminal law:N1}」の[不正]{ふせい:unauthorized:N4}[指令]{しれい:directive:N2}[電磁的]{でんじてき:electromagnetic:N1}[記録]{きろく:record:N2}に[関する]{かんする:related to:N3}[罪]{つみ:crime:N3}（[第]{だい:number:N1}168[条]{じょう:article:N1}の2・3）は、コンピュータウイルスの[作成]{さくせい:creation:N3}・[提供]{ていきょう:provision:N1}・[使用]{しよう:use:N4}を[処罰]{しょばつ:punishment:N1}する。「[特定]{とくてい:specific:N3}[電子]{でんし:electronic:N5}メールの[送信]{そうしん:transmission:N3}の[適正化]{てきせいか:optimization:N3}[等]{とう:etc.:N3}に[関する]{かんする:related to:N3}[法律]{ほうりつ:law:N2}」（[特定]{とくてい:specific:N3}[電子]{でんし:electronic:N5}メール[法]{ほう:law:N3}）はオプトイン[方式]{ほうしき:method:N3}を[採用]{さいよう:adoption:N2}し、[事前]{じぜん:in advance:N4}[同意]{どうい:consent:N4}なき[広告]{こうこく:advertisement:N3}メールの[送信]{そうしん:transmission:N3}を[禁止]{きんし:prohibition:N2}する。\n\n#en\nThe \"Telecommunications Business Act\" is an important law establishing the protection of communications secrecy. Article 4 provides that the secrecy of communications must not be violated, with violations subject to imprisonment or fines. 
The 2022 amendment added regulations on the external transmission of user information (so-called \"Cookie regulations\"). The Criminal Code's provisions on electromagnetic records of unauthorized commands (Articles 168-2 and 168-3) punish the creation, provision, and use of computer viruses. The \"Act on Regulation of Transmission of Specified Electronic Mail\" (Specified Electronic Mail Act) adopts an opt-in method and prohibits the sending of advertising emails without prior consent.\n::\n\n::callout\n[試験]{しけん:examination:N4}のポイント：[営業]{えいぎょう:business:N2}[秘密]{ひみつ:secret:N1}の3[要件]{ようけん:requirements:N3}（[秘密]{ひみつ:secret:N1}[管理性]{かんりせい:manageability:N2}・[有用性]{ゆうようせい:usefulness:N3}・[非]{ひ:non-:N3}[公知性]{こうちせい:public knowledge:N3}）は[必ず]{かならず:always:N3}[出題]{しゅつだい:exam question:N4}される。マイナンバーの[利用]{りよう:use:N3}[範囲]{はんい:scope:N1}（[社会]{しゃかい:society:N4}[保障]{ほしょう:security:N1}・[税]{ぜい:tax:N2}・[災害]{さいがい:disaster:N1}[対策]{たいさく:countermeasure:N1}の3[分野]{ぶんや:field:N4}）も[頻出]{ひんしゅつ:frequent:N1}。[不正]{ふせい:unauthorized:N4}アクセス[禁止]{きんし:prohibition:N2}[法]{ほう:law:N3}は「アクセス[制御]{せいぎょ:control:N3}[機能]{きのう:function:N3}がないコンピュータは[対象外]{たいしょうがい:outside the scope:N2}」というひっかけ[問題]{もんだい:question:N4}に[注意]{ちゅうい:caution:N4}。\n\n#en\nExam Tip: The 3 requirements for trade secrets (secrecy management, usefulness, non-public knowledge) are always tested. The scope of My Number use (3 fields: social security, taxation, disaster countermeasures) is also frequent. 
Watch out for the trap question about the Unauthorized Access Prohibition Act: \"computers without access control functions are outside its scope.\"\n::\n\n::heading\nプライバシーマーク[制度]{せいど:system:N3}とJIS Q 15001:2023\n\n#en\nThe Privacy Mark System and JIS Q 15001:2023\n::\n\n::para\nプライバシーマーク（Pマーク）[制度]{せいど:system:N3}は、JIS Q 15001:2023「[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}マネジメントシステム—[要求]{ようきゅう:requirement:N3}[事項]{じこう:matter:N1}」に[基づく]{もとづく:based on:N1}[認定]{にんてい:certification:N3}[制度]{せいど:system:N3}である。[一般]{いっぱん:general:N2}[財団]{ざいだん:foundation:N2}[法人]{ほうじん:corporation:N3}[日本]{にほん:Japan:N5}[情報]{じょうほう:information:N3}[経済]{けいざい:economy:N3}[社会]{しゃかい:society:N4}[推進]{すいしん:promotion:N1}[協会]{きょうかい:association:N2}（JIPDEC）が[制度]{せいど:system:N3}[全体]{ぜんたい:whole:N3}を[運営]{うんえい:operation:N2}し、[審査]{しんさ:examination:N1}はJIPDECまたは[指定]{してい:designation:N3}[審査]{しんさ:examination:N1}[機関]{きかん:institution:N3}が[行う]{おこなう:to carry out:N5}。[対象]{たいしょう:target:N2}は[国内]{こくない:domestic:N3}に[活動]{かつどう:activity:N3}[拠点]{きょてん:base:N1}を[持つ]{もつ:to have:N4}[事業者]{じぎょうしゃ:business operator:N4}（[法人]{ほうじん:corporation:N3}[単位]{たんい:unit:N3}）であり、[個人]{こじん:individual:N2}や[部門]{ぶもん:department:N2}[単位]{たんい:unit:N3}では[取得]{しゅとく:acquisition:N3}できない。[有効]{ゆうこう:validity:N2}[期間]{きかん:period:N3}は2[年]{ねん:year:N5}で、[更新]{こうしん:renewal:N3}の[際]{さい:occasion:N3}は[有効]{ゆうこう:validity:N2}[期間]{きかん:period:N3}[満了]{まんりょう:expiration:N2}の8[か月]{かげつ:months:N5}[前]{まえ:before:N5}から4[か月]{かげつ:months:N5}[前]{まえ:before:N5}までに[申請]{しんせい:application:N1}が[必要]{ひつよう:necessary:N3}である。Pマーク[取得]{しゅとく:acquisition:N3}[事業者]{じぎょうしゃ:business operator:N4}は[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}マネジメントシステム（PMS）を[構築]{こうちく:building:N2}・[運用]{うんよう:operation:N4}し、[全]{ぜん:all:N3}[従業者]{じゅうぎょうしゃ:employee:N1}への[教育]{きょういく:education:N3}、[内部]{ないぶ:internal:N3}[監査]{かんさ:audit:N1}、[マネジメント]{まねじめんと:management}レビューを[実施]{じっし:implementation:N1}する[義務]{ぎむ:obligation:N1}がある。\n\n#en\nThe Privacy Mark (P-Mark) system is a certification system based 
on JIS Q 15001:2023 \"Personal Information Protection Management System—Requirements.\" The Japan Institute for Promotion of Digital Economy and Community (JIPDEC) operates the entire system, with examinations conducted by JIPDEC or designated examination bodies. The target is business operators with domestic activity bases (on a corporate unit basis), and it cannot be obtained by individuals or department-level units. The validity period is 2 years, and for renewal, the application must be submitted between 8 months and 4 months before the expiration of the validity period. P-Mark certified business operators are obligated to build and operate a Personal Information Protection Management System (PMS) and conduct education for all employees, internal audits, and management reviews.\n::\n\n::heading\nISMS[認証]{にんしょう:certification:N1}[制度]{せいど:system:N3}（ISO\u002FIEC 27001 \u002F JIS Q 27001）\n\n#en\nThe ISMS Certification System (ISO\u002FIEC 27001 \u002F JIS Q 27001)\n::\n\n::para\nISMS（[情報]{じょうほう:information:N3}セキュリティマネジメントシステム）[適合性]{てきごうせい:conformity:N3}[評価]{ひょうか:evaluation:N1}[制度]{せいど:system:N3}は、[国際]{こくさい:international:N3}[規格]{きかく:standard:N3}ISO\u002FIEC 27001（[国内]{こくない:domestic:N3}[規格]{きかく:standard:N3}JIS Q 27001）に[基づく]{もとづく:based on:N1}[認証]{にんしょう:certification:N1}[制度]{せいど:system:N3}である。[情報]{じょうほう:information:N3}セキュリティの3[要素]{ようそ:element:N1}（[機密性]{きみつせい:confidentiality:N1}・[完全性]{かんぜんせい:integrity:N3}・[可用性]{かようせい:availability:N3}：CIA）を[維持]{いじ:maintenance:N1}・[改善]{かいぜん:improvement:N1}するための[仕組み]{しくみ:mechanism:N3}を[構築]{こうちく:building:N2}することを[求める]{もとめる:to request:N3}。ISMSはPDCA（Plan-Do-Check-Act）サイクルに[基づく]{もとづく:based on:N1}[継続的]{けいぞくてき:continuous:N1}[改善]{かいぜん:improvement:N1}を[重視]{じゅうし:emphasis:N1}し、リスクアセスメントにより[組織]{そしき:organization:N1}[固有]{こゆう:unique:N2}のリスクを[特定]{とくてい:identification:N3}して[対策]{たいさく:countermeasure:N1}を[講じる]{こうじる:to 
take:N2}。[認証]{にんしょう:certification:N1}[範囲]{はんい:scope:N1}は[組織]{そしき:organization:N1}の[特定]{とくてい:specific:N3}の[部門]{ぶもん:department:N2}やサービス[単位]{たんい:unit:N3}で[取得]{しゅとく:acquisition:N3}できる（Pマークとの[大きな]{おおきな:major:N5}[違い]{ちがい:difference:N3}）。[有効]{ゆうこう:validity:N2}[期間]{きかん:period:N3}は3[年]{ねん:year:N5}で、[毎年]{まいとし:every year:N5}[維持]{いじ:maintenance:N1}[審査]{しんさ:examination:N1}（サーベイランス）が[行われる]{おこなわれる:to be carried out:N5}。[認証]{にんしょう:certification:N1}[機関]{きかん:institution:N3}は[認定]{にんてい:accreditation:N3}[機関]{きかん:institution:N3}（[日本]{にほん:Japan:N5}ではISMS-AC: [情報]{じょうほう:information:N3}マネジメントシステム[認定]{にんてい:accreditation:N3}センター）により[認定]{にんてい:accreditation:N3}を[受けた]{うけた:received:N3}[第三者]{だいさんしゃ:third party:N1}[機関]{きかん:institution:N3}が[行う]{おこなう:to carry out:N5}。\n\n#en\nThe ISMS (Information Security Management System) conformity assessment system is a certification system based on the international standard ISO\u002FIEC 27001 (domestic standard JIS Q 27001). It requires building a mechanism to maintain and improve the three elements of information security (Confidentiality, Integrity, and Availability: CIA). ISMS emphasizes continuous improvement based on the PDCA (Plan-Do-Check-Act) cycle, identifying organization-specific risks through risk assessment and taking countermeasures. The certification scope can be obtained for specific departments or service units of an organization (a major difference from P-Mark). The validity period is 3 years, with annual maintenance audits (surveillance). Certification is performed by third-party organizations accredited by accreditation bodies (in Japan, ISMS-AC: Information Security Management System Accreditation Center).\n::\n\n::heading\nPマーク vs. ISMS：[試験]{しけん:examination:N4}[頻出]{ひんしゅつ:frequent:N1}の[比較]{ひかく:comparison:N1}\n\n#en\nP-Mark vs. 
ISMS: Frequently Tested Comparison\n::\n\n::para\nPマークと ISMSの[違い]{ちがい:difference:N3}は[試験]{しけん:examination:N4}で[最も]{もっとも:most:N3}[頻出]{ひんしゅつ:frequent:N1}のテーマの[一つ]{ひとつ:one:N5}である。[対象]{たいしょう:target:N2}[範囲]{はんい:scope:N1}：Pマークは[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[保護]{ほご:protection:N1}に[特化]{とっか:specialization:N3}し、ISMSは[情報]{じょうほう:information:N3}セキュリティ[全般]{ぜんぱん:overall:N2}（[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}に[限らない]{かぎらない:not limited to:N3}）を[対象]{たいしょう:target:N2}とする。[準拠]{じゅんきょ:compliance:N1}[規格]{きかく:standard:N3}：PマークはJIS Q 15001（[国内]{こくない:domestic:N3}[規格]{きかく:standard:N3}）、ISMSはISO\u002FIEC 27001（[国際]{こくさい:international:N3}[規格]{きかく:standard:N3}）に[準拠]{じゅんきょ:compliance:N1}する。[認証]{にんしょう:certification:N1}[単位]{たんい:unit:N3}：Pマークは[法人]{ほうじん:corporation:N3}[全体]{ぜんたい:whole:N3}、ISMSは[部門]{ぶもん:department:N2}・サービス[単位]{たんい:unit:N3}でも[取得]{しゅとく:acquisition:N3}[可能]{かのう:possible:N3}。[有効]{ゆうこう:validity:N2}[期間]{きかん:period:N3}：Pマークは2[年]{ねん:year:N5}、ISMSは3[年]{ねん:year:N5}。[運営]{うんえい:operation:N2}[主体]{しゅたい:main body:N4}：PマークはJIPDEC、ISMSはISMS-ACが[認定]{にんてい:accreditation:N3}する[複数]{ふくすう:multiple:N2}の[認証]{にんしょう:certification:N1}[機関]{きかん:institution:N3}。[審査]{しんさ:examination:N1}[頻度]{ひんど:frequency:N1}：Pマークは2[年]{ねん:year:N5}[毎]{ごと:every:N5}の[更新]{こうしん:renewal:N3}[審査]{しんさ:examination:N1}のみ、ISMSは[毎年]{まいとし:every year:N5}の[維持]{いじ:maintenance:N1}[審査]{しんさ:examination:N1}+3[年]{ねん:year:N5}[毎]{ごと:every:N5}の[更新]{こうしん:renewal:N3}[審査]{しんさ:examination:N1}。[国際的]{こくさいてき:international:N3}[通用性]{つうようせい:validity:N3}：Pマークは[日本]{にほん:Japan:N5}[国内]{こくない:domestic:N3}のみ、ISMSは[国際的]{こくさいてき:international:N3}に[通用]{つうよう:valid:N4}する。\n\n#en\nThe difference between P-Mark and ISMS is one of the most frequently tested themes on the exam. Scope: P-Mark specializes in personal information protection, while ISMS covers information security as a whole (not limited to personal information). 
Compliance standard: P-Mark complies with JIS Q 15001 (domestic standard), while ISMS complies with ISO\u002FIEC 27001 (international standard). Certification unit: P-Mark applies to the entire corporation, while ISMS can be obtained at the department or service unit level. Validity period: P-Mark is 2 years, ISMS is 3 years. Operating body: P-Mark is operated by JIPDEC, while ISMS is certified by multiple certification bodies accredited by ISMS-AC. Audit frequency: P-Mark has renewal audits only every 2 years, while ISMS has annual maintenance audits plus renewal audits every 3 years. International validity: P-Mark is valid only within Japan, while ISMS is internationally recognized.\n::\n\n::callout\n[試験]{しけん:examination:N4}のポイント：Pマーク＝[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}に[特化]{とっか:specialization:N3}・[法人]{ほうじん:corporation:N3}[全体]{ぜんたい:whole:N3}・[国内]{こくない:domestic:N3}[規格]{きかく:standard:N3}・2[年]{ねん:year:N5}。ISMS＝[情報]{じょうほう:information:N3}セキュリティ[全般]{ぜんぱん:overall:N2}・[部門]{ぶもん:department:N2}[単位]{たんい:unit:N3}OK・[国際]{こくさい:international:N3}[規格]{きかく:standard:N3}・3[年]{ねん:year:N5}。この[対比]{たいひ:contrast:N2}は[毎回]{まいかい:every time:N3}[出題]{しゅつだい:exam question:N4}されるといっても[過言]{かごん:exaggeration:N3}ではない。[特に]{とくに:especially:N4}「[認証]{にんしょう:certification:N1}[単位]{たんい:unit:N3}」と「[有効]{ゆうこう:validity:N2}[期間]{きかん:period:N3}」のひっかけに[注意]{ちゅうい:caution:N4}。\n\n#en\nExam Tip: P-Mark = specializes in personal info protection, whole corporation, domestic standard, 2 years. ISMS = overall info security, department-level OK, international standard, 3 years. It is no exaggeration to say this comparison appears on every exam. 
Pay special attention to trick questions about \"certification unit\" and \"validity period.\"\n::\n\n::heading\nその[他]{ほか:other:N3}の[認証]{にんしょう:certification:N1}[制度]{せいど:system:N3}：TRUSTe・SOC 2・ISO\u002FIEC 27701\n\n#en\nOther Certification Systems: TRUSTe, SOC 2, ISO\u002FIEC 27701\n::\n\n::para\nその[他]{ほか:other:N3}の[認証]{にんしょう:certification:N1}・[認定]{にんてい:accreditation:N3}[制度]{せいど:system:N3}として[以下]{いか:the following:N4}がある。TRUSTe（トラストイー）は、ウェブサイトにおけるプライバシー[保護]{ほご:protection:N1}の[認証]{にんしょう:certification:N1}[制度]{せいど:system:N3}であり、[主に]{おもに:mainly:N4}オンラインでの[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[取り扱い]{とりあつかい:handling:N1}に[焦点]{しょうてん:focus:N1}を[当てる]{あてる:to apply:N3}。SOC 2（Service Organization Control 2）は、クラウドサービス[提供者]{ていきょうしゃ:provider:N1}[等]{とう:etc.:N3}の[内部]{ないぶ:internal:N3}[統制]{とうせい:control:N1}を[評価]{ひょうか:evaluation:N1}する[制度]{せいど:system:N3}で、セキュリティ・[可用性]{かようせい:availability:N3}・[処理]{しょり:processing:N3}の[完全性]{かんぜんせい:integrity:N3}・[機密性]{きみつせい:confidentiality:N1}・プライバシーの5つのトラストサービス[基準]{きじゅん:criteria:N1}に[基づく]{もとづく:based on:N1}。ISO\u002FIEC 27701は、ISO\u002FIEC 27001の[拡張]{かくちょう:extension:N1}としてプライバシー[情報]{じょうほう:information:N3}マネジメントシステム（PIMS）を[規定]{きてい:provision:N3}し、ISMSとPマークの[橋渡し]{はしわたし:bridge:N2}となりうる[国際]{こくさい:international:N3}[規格]{きかく:standard:N3}である。[試験]{しけん:examination:N4}ではPマークとISMSの[比較]{ひかく:comparison:N1}が[中心]{ちゅうしん:center:N4}であるが、これらの[制度]{せいど:system:N3}の[名称]{めいしょう:name:N1}と[概要]{がいよう:overview:N1}も[把握]{はあく:understanding:N1}しておくとよい。\n\n#en\nOther certification and accreditation systems include the following. TRUSTe is a certification system for privacy protection on websites, focusing primarily on the handling of personal information online. SOC 2 (Service Organization Control 2) is a system for evaluating the internal controls of cloud service providers and others, based on five trust service criteria: security, availability, processing integrity, confidentiality, and privacy. 
ISO\u002FIEC 27701 is an international standard that specifies a Privacy Information Management System (PIMS) as an extension of ISO\u002FIEC 27001, potentially serving as a bridge between ISMS and P-Mark. While the exam focuses mainly on the comparison between P-Mark and ISMS, it is also good to understand the names and overviews of these systems.\n::\n\n::heading\n[日]{にち:Japan:N5}EU[相互]{そうご:mutual:N3}[認証]{にんしょう:recognition:N1}と[補完的]{ほかんてき:supplementary:N2}ルール\n\n#en\nJapan-EU Mutual Adequacy Decision and Supplementary Rules\n::\n\n::para\n[日]{にち:Japan:N5}EU[相互]{そうご:mutual:N3}[認証]{にんしょう:recognition:N1}は、[世界]{せかい:world:N4}[最大]{さいだい:largest:N3}[規模]{きぼ:scale:N1}のデータ[流通]{りゅうつう:distribution:N3}[圏]{けん:sphere:N1}を[形成]{けいせい:formation:N3}した。この[枠組み]{わくぐみ:framework:N1}のもと、[日本]{にほん:Japan:N5}の[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}は「[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[保護]{ほご:protection:N1}に[関する]{かんする:related to:N3}[法律]{ほうりつ:law:N2}に[係る]{かかる:pertaining to:N3}EU[域内]{いきない:within the territory:N2}から[十分性]{じゅうぶんせい:adequacy:N3}[認定]{にんてい:certification:N3}により[移転]{いてん:transfer:N2}を[受ける]{うける:to receive:N3}[個人]{こじん:individual:N2}データの[取扱い]{とりあつかい:handling:N1}に[関する]{かんする:related to:N3}[補完的]{ほかんてき:supplementary:N2}ルール」を[策定]{さくてい:formulation:N1}した。[試験]{しけん:examination:N4}では「[日]{にち:Japan:N5}EU[相互]{そうご:mutual:N3}[認証]{にんしょう:recognition:N1}」の[発効]{はっこう:taking effect:N2}[年]{ねん:year:N5}（2019[年]{ねん:year:N5}）、[補完的]{ほかんてき:supplementary:N2}ルールの[存在]{そんざい:existence:N3}、そして[十分性]{じゅうぶんせい:adequacy:N3}[認定]{にんてい:certification:N3}の[意味]{いみ:meaning:N4}（[個人]{こじん:individual:N2}データの[自由]{じゆう:free:N3}な[移転]{いてん:transfer:N2}が[可能]{かのう:possible:N3}になること）が[問われる]{とわれる:to be asked:N4}。\n\n#en\nThe Japan-EU mutual recognition formed the world's largest data circulation sphere. 
Under this framework, Japan's Personal Information Protection Commission formulated the \"Supplementary Rules under the Act on the Protection of Personal Information for the Handling of Personal Data Transferred from the EU Based on an Adequacy Decision.\" On the exam, questions may ask about the year the Japan-EU mutual recognition took effect (2019), the existence of supplementary rules, and the meaning of an adequacy decision (that the free transfer of personal data becomes possible).\n::\n",{"id":1106,"title":1112,"titleEn":1113,"topicPath":1114,"questions":1115},"第１編 個人情報保護法総説 確認テスト","Chapter 1: Overview of Personal Information Protection Law — Practice Test","software\u002Fkojin-joho-hogo\u002Fkadai-1\u002Fhen-01-soussetsu",[1116,1143,1166,1190,1213],{"id":1117,"articleId":6,"question":1118,"options":1121,"correctLabel":1131,"explanation":1138,"tags":1141},"kjh-k1-h01-q01",{"en":1119,"jp":1120},"Which of the following is NOT one of the eight principles in the OECD Privacy Guidelines adopted in 1980?","OECDが1980[年]{ねん:year}に[採択]{さいたく:adoption}した「プライバシーガイドライン」に[含]{ふく:include}まれる8[原則]{げんそく:principles}に[該当]{がいとう:applicable}しないものはどれか。",[1122,1126,1130,1134],{"label":1123,"jp":1124,"en":1125},"ア","[収集]{しゅうしゅう:collection}[制限]{せいげん:limitation}の[原則]{げんそく:principle}","Collection Limitation Principle",{"label":1127,"jp":1128,"en":1129},"イ","[利用]{りよう:use}[制限]{せいげん:limitation}の[原則]{げんそく:principle}","Use Limitation Principle",{"label":1131,"jp":1132,"en":1133},"ウ","[暗号化]{あんごうか:encryption}の[原則]{げんそく:principle}","Encryption Principle",{"label":1135,"jp":1136,"en":1137},"エ","[個人]{こじん:individual}[参加]{さんか:participation}の[原則]{げんそく:principle}","Individual Participation Principle",{"en":1139,"jp":1140},"The OECD 8 Principles are: Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation, and Accountability. 
\"Encryption Principle\" is not among them.","OECD8[原則]{げんそく:principles}は、[収集]{しゅうしゅう:collection}[制限]{せいげん:limitation}、データ[内容]{ないよう:content}、[目的]{もくてき:purpose}[明確化]{めいかくか:clarification}、[利用]{りよう:use}[制限]{せいげん:limitation}、[安全]{あんぜん:safety}[保護]{ほご:protection}、[公開]{こうかい:openness}、[個人]{こじん:individual}[参加]{さんか:participation}、[責任]{せきにん:accountability}の8つである。「[暗号化]{あんごうか:encryption}の[原則]{げんそく:principle}」は[含]{ふく:include}まれない。",[1142],"OECD8原則",{"id":1144,"articleId":6,"question":1145,"options":1148,"correctLabel":1127,"explanation":1161,"tags":1164},"kjh-k1-h01-q02",{"en":1146,"jp":1147},"When was the Act on the Protection of Personal Information first enacted?","[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[法]{ほう:law}が[最初]{さいしょ:first}に[制定]{せいてい:enacted}されたのはいつか。",[1149,1152,1155,1158],{"label":1123,"jp":1150,"en":1151},"1999[年]{ねん:year}","1999",{"label":1127,"jp":1153,"en":1154},"2003[年]{ねん:year}","2003",{"label":1131,"jp":1156,"en":1157},"2005[年]{ねん:year}","2005",{"label":1135,"jp":1159,"en":1160},"2015[年]{ねん:year}","2015",{"en":1162,"jp":1163},"The Act on the Protection of Personal Information was enacted in 2003 and fully enforced in 2005. 
Major amendments were made in 2015 and 2020.","[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[法]{ほう:law}は2003[年]{ねん:year}に[制定]{せいてい:enacted}され、2005[年]{ねん:year}に[全面]{ぜんめん:fully}[施行]{しこう:enforcement}された。2015[年]{ねん:year}と2020[年]{ねん:year}に[大]{おお:major}きな[改正]{かいせい:amendment}が[行]{おこな:carried out}われた。",[1165],"改正履歴",{"id":1167,"articleId":6,"question":1168,"options":1171,"correctLabel":1131,"explanation":1184,"tags":1187},"kjh-k1-h01-q03",{"en":1169,"jp":1170},"Which of the following correctly describes a difference between the Privacy Mark system and ISMS certification?","プライバシーマーク[制度]{せいど:system}とISMS[認証]{にんしょう:certification}の[違]{ちが:difference}いとして[正]{ただ:correct}しいものはどれか。",[1172,1175,1178,1181],{"label":1123,"jp":1173,"en":1174},"プライバシーマークは[情報]{じょうほう:information}セキュリティ[全般]{ぜんぱん:overall}を[対象]{たいしょう:subject}とする","Privacy Mark covers information security in general",{"label":1127,"jp":1176,"en":1177},"ISMSは[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}に[特化]{とっか:specialized}している","ISMS is specialized in personal information protection",{"label":1131,"jp":1179,"en":1180},"プライバシーマークは[個人]{こじん:personal}[情報]{じょうほう:information}の[適切]{てきせつ:appropriate}な[取]{と:handling}り[扱]{あつか:handling}いを[認定]{にんてい:certification}する[制度]{せいど:system}である","Privacy Mark is a system that certifies appropriate handling of personal information",{"label":1135,"jp":1182,"en":1183},"[両者]{りょうしゃ:both}はISO 27001に[基]{もと:based}づいている","Both are based on ISO 27001",{"en":1185,"jp":1186},"Privacy Mark is a certification system specialized in personal information protection based on JIS Q 15001. ISMS covers information security in general based on ISO 27001. 
Options ア and イ have the descriptions reversed.","プライバシーマークはJIS Q 15001に[基]{もと:based}づき[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}に[特化]{とっか:specialized}した[認定]{にんてい:certification}[制度]{せいど:system}である。ISMSはISO 27001に[基]{もと:based}づき[情報]{じょうほう:information}セキュリティ[全般]{ぜんぱん:overall}を[対象]{たいしょう:subject}とする。アとイは[逆]{ぎゃく:reversed}である。",[1188,1189],"プライバシーマーク","ISMS",{"id":1191,"articleId":6,"question":1192,"options":1195,"correctLabel":1131,"explanation":1208,"tags":1211},"kjh-k1-h01-q04",{"en":1193,"jp":1194},"Which of the following is INCORRECT about the Personal Information Protection Commission (PPC)?","[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[委員会]{いいんかい:commission}（PPC）について[誤]{あやま:incorrect}っているものはどれか。",[1196,1199,1202,1205],{"label":1123,"jp":1197,"en":1198},"[内閣]{ないかく:cabinet}[府]{ふ:office}の[外局]{がいきょく:external bureau}として[設置]{せっち:established}されている","It is established as an external bureau of the Cabinet Office",{"label":1127,"jp":1200,"en":1201},"[独立性]{どくりつせい:independence}の[高]{たか:high}い、いわゆる「3[条]{じょう:article}[委員会]{いいんかい:commission}」である","It is a highly independent so-called \"Article 3 Commission\"",{"label":1131,"jp":1203,"en":1204},"[各]{かく:each}[省庁]{しょうちょう:ministry}が[所管]{しょかん:jurisdiction}する[分野]{ぶんや:field}の[個人]{こじん:personal}[情報]{じょうほう:information}はPPCの[監督]{かんとく:supervision}[対象]{たいしょう:subject}[外]{がい:outside}である","Personal information in fields under each ministry's jurisdiction is outside PPC supervision",{"label":1135,"jp":1206,"en":1207},"2015[年]{ねん:year}[改正]{かいせい:amendment}で[設立]{せつりつ:establishment}された","It was established by the 2015 amendment",{"en":1209,"jp":1210},"With the 2015 amendment, the PPC was established and supervisory authority over personal information protection was centralized regardless of private or public sector. 
Fields under each ministry are also under PPC supervision.","2015[年]{ねん:year}[改正]{かいせい:amendment}によりPPCが[設立]{せつりつ:established}され、[民間]{みんかん:private sector}・[行政]{ぎょうせい:public sector}を[問]{と:regardless}わず[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}に[関]{かん:related}する[監督]{かんとく:supervision}[権限]{けんげん:authority}が[一元化]{いちげんか:centralized}された。[各]{かく:each}[省庁]{しょうちょう:ministry}の[所管]{しょかん:jurisdiction}[分野]{ぶんや:field}もPPCの[監督]{かんとく:supervision}[下]{か:under}にある。",[1212],"個人情報保護委員会",{"id":1214,"articleId":1215,"question":1216,"options":1219,"correctLabel":1131,"explanation":1232,"tags":1235},"kjh-k1-h01-q05","kjh-k1-h04-anzen-kanri",{"en":1217,"jp":1218},"Which of the following is NOT a guideline formulated by the PPC?","[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[委員会]{いいんかい:commission}が[策定]{さくてい:formulation}するガイドラインとして[存在]{そんざい:exist}しないものはどれか。",[1220,1223,1226,1229],{"label":1123,"jp":1221,"en":1222},"[通則編]{つうそくへん:general provisions}","General Provisions",{"label":1127,"jp":1224,"en":1225},"[外国]{がいこく:foreign}にある[第三者]{だいさんしゃ:third party}への[提供]{ていきょう:provision}[編]{へん:volume}","Provision to Third Parties in Foreign Countries",{"label":1131,"jp":1227,"en":1228},"データベース[設計]{せっけい:design}[編]{へん:volume}","Database Design Volume",{"label":1135,"jp":1230,"en":1231},"[仮名]{かめい:pseudonymized}[加工]{かこう:processed}[情報]{じょうほう:information}・[匿名]{とくめい:anonymized}[加工]{かこう:processed}[情報]{じょうほう:information}[編]{へん:volume}","Pseudonymized\u002FAnonymized Information Volume",{"en":1233,"jp":1234},"PPC guidelines include General Provisions, Foreign Third-Party Provision, Confirmation\u002FRecord Obligations, and Pseudonymized\u002FAnonymized Information volumes. 
\"Database Design Volume\" does not exist.","PPCのガイドラインには[通則編]{つうそくへん:general provisions}、[外国]{がいこく:foreign}[第三者]{だいさんしゃ:third party}[提供]{ていきょう:provision}[編]{へん:volume}、[確認]{かくにん:confirmation}[記録]{きろく:record}[義務]{ぎむ:obligation}[編]{へん:volume}、[仮名]{かめい:pseudonymized}[加工]{かこう:processed}[情報]{じょうほう:information}・[匿名]{とくめい:anonymized}[加工]{かこう:processed}[情報]{じょうほう:information}[編]{へん:volume}がある。「データベース[設計]{せっけい:design}[編]{へん:volume}」は[存在]{そんざい:exist}しない。",[1236],"ガイドライン"]