[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article:kjh-k2-h02-anzen-kanri-sochi":3},{"meta":4,"markdown":198,"quiz":199},{"type":5,"articleId":6,"slug":6,"title":7,"titleEn":8,"category":9,"order":10,"seriesLabel":11,"summary":12,"publishedAt":13,"image":14,"tags":15,"vocabulary":19,"quizId":194,"source":195},"article","kjh-k2-h02-anzen-kanri-sochi","課題Ⅱ 第２編② 組織的・人的セキュリティ ― 安全管理措置・委託先監督・事故対応","Subject II Part 2: Organizational & Human Security (Part 2) — Safety management measures, contractor oversight, and incident response","kojin-joho-hogo\u002Fkadai-2",2022,"課題Ⅱ 第２編②","Covers the five items of organizational safety management measures (Guideline 10-3: structure, operation, confirmation, incident response, review), human safety management measures (Guideline 10-4: broad definition of workers, education at multiple stages, NDAs, employment rules), contractor supervision (selection criteria, contract clauses, subcontracting chains), and incident\u002Fcomplaint response systems (Article 26 reporting obligations, two-stage reporting, complaint follow-up).","2026-04-26T00:00:00Z","https:\u002F\u002Fimages.yamiyomi.com\u002Fkjh-k2-h02-anzen-kanri-sochi.png",[16,17,18],"exam:個人情報保護士","topic:組織的安全管理","topic:人的安全管理",[20,25,29,33,38,42,46,50,54,58,62,66,70,74,78,82,86,90,94,98,102,106,110,114,118,122,126,130,134,138,142,146,150,154,158,162,166,170,174,178,182,186,190],{"word":21,"reading":22,"meaning":23,"level":24},"組織体制","そしきたいせい","organizational structure","N1",{"word":26,"reading":27,"meaning":28,"level":24},"統括","とうかつ","supervision, oversight",{"word":30,"reading":31,"meaning":32,"level":24},"監査","かんさ","audit, inspection",{"word":34,"reading":35,"meaning":36,"level":37},"独立","どくりつ","independence","N2",{"word":39,"reading":40,"meaning":41,"level":37},"規律","きりつ","discipline, rules",{"word":43,"reading":44,"meaning":45,"level":37},"追跡","ついせき","trace, tracking",{"word":47,"reading":48,"meaning":49,"level":24},"入退室","にゅうたいしつ","entry and exit (of 
rooms)",{"word":51,"reading":52,"meaning":53,"level":24},"事案","じあん","incident, case",{"word":55,"reading":56,"meaning":57,"level":24},"初動対応","しょどうたいおう","initial response",{"word":59,"reading":60,"meaning":61,"level":24},"証拠保全","しょうこほぜん","evidence preservation",{"word":63,"reading":64,"meaning":65,"level":24},"是正","ぜせい","corrective action",{"word":67,"reading":68,"meaning":69,"level":37},"検証","けんしょう","verification",{"word":71,"reading":72,"meaning":73,"level":24},"従業者","じゅうぎょうしゃ","worker (broad legal term)",{"word":75,"reading":76,"meaning":77,"level":37},"正社員","せいしゃいん","permanent employee",{"word":79,"reading":80,"meaning":81,"level":37},"派遣社員","はけんしゃいん","dispatched worker",{"word":83,"reading":84,"meaning":85,"level":37},"役員","やくいん","director, executive",{"word":87,"reading":88,"meaning":89,"level":24},"啓発","けいはつ","enlightenment, awareness-raising",{"word":91,"reading":92,"meaning":93,"level":24},"証跡","しょうせき","evidence trail, audit trail",{"word":95,"reading":96,"meaning":97,"level":24},"秘密保持","ひみつほじ","confidentiality",{"word":99,"reading":100,"meaning":101,"level":24},"誓約書","せいやくしょ","written pledge, oath",{"word":103,"reading":104,"meaning":105,"level":24},"懲戒処分","ちょうかいしょぶん","disciplinary action",{"word":107,"reading":108,"meaning":109,"level":24},"抑止力","よくしりょく","deterrent",{"word":111,"reading":112,"meaning":113,"level":37},"就業規則","しゅうぎょうきそく","employment rules",{"word":115,"reading":116,"meaning":117,"level":24},"委託先","いたくさき","contractor, outsourcing destination",{"word":119,"reading":120,"meaning":121,"level":24},"選定","せんてい","selection, designation",{"word":123,"reading":124,"meaning":125,"level":37},"実績","じっせき","track record, achievements",{"word":127,"reading":128,"meaning":129,"level":24},"再委託","さいいたく","subcontracting",{"word":131,"reading":132,"meaning":133,"level":24},"許諾","きょだく","permission, consent",{"word":135,"reading":136,"meaning":137,"level":24},"連鎖","れんさ","chain, sequence",{"word":139,"reading":140,"meaning":141,"level":37},"同等","どうとう","equivalent, 
equal",{"word":143,"reading":144,"meaning":145,"level":24},"立入調査","たちいりちょうさ","on-site investigation",{"word":147,"reading":148,"meaning":149,"level":24},"徴求","ちょうきゅう","request, demand (formal)",{"word":151,"reading":152,"meaning":153,"level":37},"返却","へんきゃく","return, giving back",{"word":155,"reading":156,"meaning":157,"level":24},"漏洩","ろうえい","leakage, disclosure",{"word":159,"reading":160,"meaning":161,"level":37},"速報","そくほう","preliminary report, flash report",{"word":163,"reading":164,"meaning":165,"level":24},"確報","かくほう","definitive\u002Fconfirmed report",{"word":167,"reading":168,"meaning":169,"level":24},"要配慮個人情報","ようはいりょこじんじょうほう","specially-care-required personal information",{"word":171,"reading":172,"meaning":173,"level":37},"苦情","くじょう","complaint",{"word":175,"reading":176,"meaning":177,"level":37},"迅速","じんそく","swift, prompt",{"word":179,"reading":180,"meaning":181,"level":37},"誠実","せいじつ","sincere, faithful",{"word":183,"reading":184,"meaning":185,"level":37},"蓄積","ちくせき","accumulation",{"word":187,"reading":188,"meaning":189,"level":37},"傾向","けいこう","trend, tendency",{"word":191,"reading":192,"meaning":193,"level":37},"義務化","ぎむか","making mandatory","kjh-k2-h02-quiz",{"name":196,"url":197},"個人情報保護士試験対策","https:\u002F\u002Fwww.joho-gakushu.or.jp\u002Fpiip\u002F","\n::para\n[組織的]{そしきてき:organizational:N1}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}は、ガイドライン[通則編]{つうそくへん:general 
rules:N2}10-3に[規定]{きてい:stipulate:N3}されており、5つの[項目]{こうもく:item:N1}で[構成]{こうせい:compose:N3}されます。[第一]{だいいち:first:N1}は[組織]{そしき:organization:N1}[体制]{たいせい:system:N3}の[整備]{せいび:development:N1}です。[最]{もっと:most:N3}も[上位]{じょうい:high-ranking:N3}に[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[管理者]{かんりしゃ:administrator:N2}（CPO）を[置き]{おき:place:N3}、[組織]{そしき:organization:N1}[全体]{ぜんたい:entire:N3}の[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[体制]{たいせい:system:N3}を[統括]{とうかつ:oversee:N1}させます。その[下]{した:below:N5}に[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[監査]{かんさ:audit:N1}[責任者]{せきにんしゃ:person in charge:N3}を[配置]{はいち:assign:N3}し、CPOから[独立]{どくりつ:independent:N1}した[立場]{たちば:position:N4}で[監査]{かんさ:audit:N1}を[実施]{じっし:conduct:N1}します。さらに[各]{かく:each:N2}[部門]{ぶもん:division:N2}に[部門]{ぶもん:division:N2}[管理者]{かんりしゃ:manager:N2}を[配置]{はいち:assign:N3}し、[現場]{げんば:field:N3}レベルでの[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[取り扱い]{とりあつかい:handling:N1}を[監督]{かんとく:supervise:N1}させます。[最]{もっと:most:N3}も[下位]{かい:lower-ranking:N3}に[取扱]{とりあつかい:handling:N1}[担当者]{たんとうしゃ:person in charge:N2}がおり、[実際]{じっさい:actual:N3}に[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}を[操作]{そうさ:operate:N1}する[従業者]{じゅうぎょうしゃ:worker:N1}です。\n\n#en\nOrganizational safety management measures are stipulated in Guideline General Rules 10-3 and consist of five items. First is the development of an organizational structure. At the top, a Chief Privacy Officer (CPO) is placed to oversee the entire organization's personal information protection system. Below that, a personal information protection audit officer is assigned, conducting audits from a position independent of the CPO. Furthermore, division managers are assigned to each department to supervise personal information handling at the field level. 
At the lowest level are handling staff — the workers who actually operate on personal information.\n::\n\n::heading\n[規律]{きりつ:discipline:N2}に[従った]{したがった:in accordance with:N1}[運用]{うんよう:operation:N4}と[取扱]{とりあつかい:handling:N1}[状況]{じょうきょう:status:N2}の[確認]{かくにん:confirmation:N3}\n\n#en\nOperation in accordance with rules and confirmation of handling status\n::\n\n::para\n[第二]{だいに:second:N1}の[項目]{こうもく:item:N1}は、[個人]{こじん:individual:N2}データの[取扱い]{とりあつかい:handling:N1}に[係る]{かかる:related:N3}[規律]{きりつ:discipline:N2}に[従った]{したがった:in accordance with:N1}[運用]{うんよう:operation:N4}です。[策定]{さくてい:formulated:N1}した[規程]{きてい:regulation:N3}どおりに[業務]{ぎょうむ:operations:N3}が[行われて]{おこなわれて:carried out:N5}いるかを[日常的]{にちじょうてき:daily:N3}に[確認]{かくにん:confirm:N3}します。[第三]{だいさん:third:N1}は[取扱]{とりあつかい:handling:N1}[状況]{じょうきょう:status:N2}を[確認]{かくにん:confirm:N3}する[手段]{しゅだん:means:N3}の[整備]{せいび:development:N1}です。[具体的]{ぐたいてき:specifically:N3}には、[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[管理]{かんり:management:N2}[台帳]{だいちょう:ledger:N1}の[整備]{せいび:development:N1}と[更新]{こうしん:update:N3}、[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}を[取り扱う]{とりあつかう:handle:N1}[情報]{じょうほう:information:N3}システムのアクセスログの[記録]{きろく:record:N2}・[保存]{ほぞん:retention:N1}、[入退室]{にゅうたいしつ:entry and exit:N3}[記録]{きろく:record:N2}の[管理]{かんり:management:N2}などが[挙げられ]{あげられ:cited:N1}ます。これにより「いつ」「[誰]{だれ:who:N3}が」「どの」[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}にアクセスしたかを[追跡]{ついせき:trace:N2}できる[仕組み]{しくみ:mechanism:N3}を[作り]{つくり:create:N4}ます。\n\n#en\nThe second item is operation in accordance with rules concerning personal data handling — daily confirmation that operations follow formulated regulations. Third is developing means to confirm handling status. Specifically, this includes developing and updating the personal information management ledger, recording and retaining access logs for information systems that handle personal information, and managing entry\u002Fexit records. 
This creates a mechanism that can trace \"when,\" \"who,\" and \"which\" personal information was accessed.\n::\n\n::heading\n[漏洩]{ろうえい:leakage:N1}[等]{とう:etc.:N3}の[事案]{じあん:incident:N1}に[対応]{たいおう:respond:N1}する[体制]{たいせい:system:N3}\n\n#en\nSystem for responding to leakage incidents\n::\n\n::para\n[第四]{だいよん:fourth:N1}は、[漏洩]{ろうえい:leakage:N1}[等]{とう:etc.:N3}の[事案]{じあん:incident:N1}に[対応]{たいおう:respond:N1}する[体制]{たいせい:system:N3}の[整備]{せいび:development:N1}です。[発見者]{はっけんしゃ:discoverer:N4}から[責任者]{せきにんしゃ:person in charge:N3}、[経営]{けいえい:management:N2}[層]{そう:level:N2}への[報告]{ほうこく:report:N3}[連絡]{れんらく:communication:N2}[体制]{たいせい:system:N3}を[事前]{じぜん:in advance:N4}に[定めて]{さだめて:establish:N3}おきます。[事案]{じあん:incident:N1}[発生]{はっせい:occurrence:N4}[時]{じ:time:N5}には、[原因]{げんいん:cause:N3}[究明]{きゅうめい:investigation:N4}、[影響]{えいきょう:impact:N1}[範囲]{はんい:scope:N1}の[確認]{かくにん:confirmation:N3}、[再発]{さいはつ:recurrence:N2}[防止策]{ぼうしさく:preventive measures:N1}の[策定]{さくてい:formulation:N1}を[迅速]{じんそく:swiftly:N1}に[行い]{おこない:carry out:N5}ます。[報告]{ほうこく:report:N3}ルートだけでなく、[初動]{しょどう:initial:N3}[対応]{たいおう:response:N1}の[手順]{てじゅん:procedure:N2}（[被害]{ひがい:damage:N2}[拡大]{かくだい:expansion:N1}の[阻止]{そし:prevention:N1}、[証拠]{しょうこ:evidence:N1}[保全]{ほぜん:preservation:N1}）もあらかじめ[策定]{さくてい:formulate:N1}しておく[必要]{ひつよう:necessity:N3}があります。\n\n#en\nFourth is developing a system for responding to incidents such as leaks. A reporting and communication system from the discoverer to the person in charge and management level is established in advance. When an incident occurs, cause investigation, confirmation of the scope of impact, and formulation of recurrence prevention measures are carried out swiftly. 
Not only reporting routes, but initial response procedures (preventing damage expansion, evidence preservation) must also be formulated in advance.\n::\n\n::heading\n[取扱]{とりあつかい:handling:N1}[状況]{じょうきょう:status:N2}の[把握]{はあく:grasp:N1}と[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}の[見直し]{みなおし:review:N3}\n\n#en\nGrasping handling status and reviewing safety management measures\n::\n\n::para\n[第五]{だいご:fifth:N1}は、[取扱]{とりあつかい:handling:N1}[状況]{じょうきょう:status:N2}の[把握]{はあく:grasp:N1}および[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}の[見直し]{みなおし:review:N3}です。[定期的]{ていきてき:periodic:N3}な[内部]{ないぶ:internal:N3}[監査]{かんさ:audit:N1}を[実施]{じっし:conduct:N1}し、[規程]{きてい:regulation:N3}どおりに[運用]{うんよう:operate:N4}されているかを[客観的]{きゃっかんてき:objectively:N3}に[検証]{けんしょう:verify:N1}します。[監査]{かんさ:audit:N1}[結果]{けっか:result:N1}は[経営]{けいえい:management:N2}[層]{そう:level:N2}に[報告]{ほうこく:report:N3}し、[必要]{ひつよう:necessary:N3}な[是正]{ぜせい:corrective:N1}[措置]{そち:measures:N1}を[講じ]{こうじ:take:N2}ます。PDCAサイクルの「Check」と「Act」に[該当]{がいとう:correspond:N1}し、[監査]{かんさ:audit:N1}は[年]{ねん:year:N5}に[一回]{いっかい:once:N3}[以上]{いじょう:or more:N4}[実施]{じっし:conduct:N1}することが[望まれ]{のぞまれ:desired:N3}ます。[外部]{がいぶ:external:N3}[環境]{かんきょう:environment:N1}の[変化]{へんか:change:N3}（[法令]{ほうれい:laws:N2}[改正]{かいせい:amendment:N2}、[新た]{あらた:new:N4}な[脅威]{きょうい:threat:N1}の[出現]{しゅつげん:emergence:N3}）にも[対応]{たいおう:respond:N1}して[見直し]{みなおし:review:N3}を[行い]{おこない:carry out:N5}ます。\n\n#en\nFifth is grasping the handling status and reviewing safety management measures. Periodic internal audits are conducted to objectively verify whether operations follow regulations. Audit results are reported to management, and necessary corrective measures are taken. This corresponds to \"Check\" and \"Act\" in the PDCA cycle, and audits should be conducted at least once per year. 
Reviews are also carried out in response to changes in the external environment (legal amendments, emergence of new threats).\n::\n\n::callout\n[試験]{しけん:exam:N4}では、[組織的]{そしきてき:organizational:N1}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}の5[項目]{こうもく:item:N1}が[頻出]{ひんしゅつ:frequently appearing:N1}します。(a)[組織]{そしき:organization:N1}[体制]{たいせい:system:N3}の[整備]{せいび:development:N1}、(b)[規律]{きりつ:discipline:N2}に[従った]{したがった:in accordance with:N1}[運用]{うんよう:operation:N4}、(c)[取扱]{とりあつかい:handling:N1}[状況]{じょうきょう:status:N2}を[確認]{かくにん:confirm:N3}する[手段]{しゅだん:means:N3}の[整備]{せいび:development:N1}、(d)[漏洩]{ろうえい:leakage:N1}[等]{とう:etc.:N3}の[事案]{じあん:incident:N1}に[対応]{たいおう:respond:N1}する[体制]{たいせい:system:N3}の[整備]{せいび:development:N1}、(e)[取扱]{とりあつかい:handling:N1}[状況]{じょうきょう:status:N2}の[把握]{はあく:grasp:N1}および[見直し]{みなおし:review:N3}。[各]{かく:each:N2}[項目]{こうもく:item:N1}の[具体的]{ぐたいてき:specific:N3}な[内容]{ないよう:content:N3}と[区別]{くべつ:distinction:N2}を[正確]{せいかく:accurately:N3}に[覚え]{おぼえ:memorize:N3}ましょう。\n\n#en\nThe five items of organizational safety management measures appear frequently on the exam. (a) Development of organizational structure, (b) operation in accordance with rules, (c) development of means to confirm handling status, (d) development of a system for responding to leakage incidents, (e) grasping handling status and review. 
Memorize the specific content and distinctions of each item accurately.\n::\n\n::heading\n[人的]{じんてき:human:N4}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}と「[従業者]{じゅうぎょうしゃ:worker:N1}」の[範囲]{はんい:scope:N1}\n\n#en\nHuman safety management measures and the scope of \"workers\"\n::\n\n::para\n[人的]{じんてき:human:N4}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}（ガイドライン[通則編]{つうそくへん:general rules:N2}10-4）は、[従業者]{じゅうぎょうしゃ:worker:N1}に[対する]{たいする:regarding:N3}[教育]{きょういく:education:N3}・[啓発]{けいはつ:enlightenment:N1}が[中心]{ちゅうしん:center:N4}です。ここで[重要]{じゅうよう:important:N3}なのは「[従業者]{じゅうぎょうしゃ:worker:N1}」の[定義]{ていぎ:definition:N1}です。[従業者]{じゅうぎょうしゃ:worker:N1}とは、[正社員]{せいしゃいん:permanent employee:N4}だけでなく、[契約]{けいやく:contract:N1}[社員]{しゃいん:employee:N4}、パート・アルバイト、[派遣]{はけん:dispatch:N1}[社員]{しゃいん:employee:N4}、[役員]{やくいん:director\u002Fexecutive:N3}を[含む]{ふくむ:include:N2}[広い]{ひろい:broad:N4}[概念]{がいねん:concept:N1}です。[事業者]{じぎょうしゃ:business operator:N4}の[指揮]{しき:command:N1}[命令]{めいれい:order:N2}の[下]{もと:under:N5}で[業務]{ぎょうむ:operations:N3}に[従事]{じゅうじ:engage in:N1}するすべての[者]{もの:person:N4}が[対象]{たいしょう:target:N2}となります。\n\n#en\nHuman safety management measures (Guideline General Rules 10-4) center on education and awareness-raising for workers. What is important here is the definition of \"worker\" (従業者). Workers include not only permanent employees but also contract employees, part-time\u002Ftemporary workers, dispatched workers, and directors\u002Fexecutives — a broad concept. 
All persons who engage in operations under the command of the business operator are subject to these measures.\n::\n\n::heading\n[教育]{きょういく:education:N3}・[研修]{けんしゅう:training:N1}の[実施]{じっし:implementation:N1}\n\n#en\nConducting education and training\n::\n\n::para\n[教育]{きょういく:education:N3}・[研修]{けんしゅう:training:N1}は[複数]{ふくすう:multiple:N2}の[場面]{ばめん:occasion:N3}で[実施]{じっし:conduct:N1}します。[入社]{にゅうしゃ:joining the company:N4}[時]{じ:time:N5}[研修]{けんしゅう:training:N1}では、[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}の[基礎]{きそ:basics:N1}[知識]{ちしき:knowledge:N3}と[社内]{しゃない:internal:N3}[規程]{きてい:regulation:N3}を[教え]{おしえ:teach:N4}ます。[定期]{ていき:regular:N3}[研修]{けんしゅう:training:N1}は[年]{ねん:year:N5}に[一回]{いっかい:once:N3}[以上]{いじょう:or more:N4}[実施]{じっし:conduct:N1}し、[法令]{ほうれい:laws and regulations:N2}[改正]{かいせい:amendment:N2}や[最新]{さいしん:latest:N3}の[事故]{じこ:incident:N1}[事例]{じれい:case:N3}を[共有]{きょうゆう:share:N3}します。eラーニングも[有効]{ゆうこう:effective:N2}な[手段]{しゅだん:means:N3}であり、[受講]{じゅこう:attendance:N2}[記録]{きろく:record:N2}を[残す]{のこす:leave:N3}ことで[教育]{きょういく:education:N3}[実施]{じっし:implementation:N1}の[証跡]{しょうせき:evidence trail:N1}とします。[研修]{けんしゅう:training:N1}[後]{ご:after:N5}にはテストを[実施]{じっし:conduct:N1}し、[理解度]{りかいど:level of understanding:N3}を[確認]{かくにん:confirm:N3}することが[望まれ]{のぞまれ:desired:N3}ます。\n\n#en\nEducation and training are conducted on multiple occasions. At the time of joining the company, basic knowledge of personal information protection and internal regulations are taught. Regular training is conducted at least once a year, sharing legal amendments and the latest incident cases. E-learning is also an effective means, and leaving attendance records serves as evidence of education implementation. 
After training, it is desirable to conduct tests to confirm the level of understanding.\n::\n\n::heading\n[秘密]{ひみつ:secret:N1}[保持]{ほじ:maintenance:N1}[契約]{けいやく:contract:N1}と[就業]{しゅうぎょう:employment:N1}[規則]{きそく:rules:N2}\n\n#en\nNon-disclosure agreements and employment rules\n::\n\n::para\n[秘密]{ひみつ:secret:N1}[保持]{ほじ:maintenance:N1}[契約]{けいやく:contract:N1}（NDA）は[複数]{ふくすう:multiple:N2}の[時点]{じてん:point in time:N3}で[締結]{ていけつ:conclude:N1}・[確認]{かくにん:confirm:N3}します。[入社]{にゅうしゃ:joining:N4}[時]{じ:time:N5}に[誓約書]{せいやくしょ:pledge\u002Foath:N1}を[提出]{ていしゅつ:submit:N1}させ、[部署]{ぶしょ:department:N2}[異動]{いどう:transfer:N1}[時]{じ:time:N5}にも[新た]{あらた:new:N4}な[取扱い]{とりあつかい:handling:N1}[範囲]{はんい:scope:N1}に[応じ]{おうじ:in response to:N1}て[再度]{さいど:again:N2}[確認]{かくにん:confirm:N3}します。[退職]{たいしょく:resignation:N3}[時]{じ:time:N5}には、[退職]{たいしょく:resignation:N3}[後]{ご:after:N5}も[秘密]{ひみつ:secret:N1}[保持]{ほじ:maintenance:N1}[義務]{ぎむ:obligation:N1}が[継続]{けいぞく:continue:N1}することを[書面]{しょめん:written document:N3}で[確認]{かくにん:confirm:N3}させます。[就業]{しゅうぎょう:employment:N1}[規則]{きそく:rules:N2}にも[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}に[関する]{かんする:regarding:N3}[規定]{きてい:provision:N3}を[設け]{もうけ:establish:N2}、[違反]{いはん:violation:N3}[時]{じ:time:N5}の[懲戒]{ちょうかい:disciplinary:N1}[処分]{しょぶん:action:N3}を[明記]{めいき:clearly state:N3}することで、[抑止力]{よくしりょく:deterrent:N1}を[高め]{たかめ:raise:N5}ます。\n\n#en\nNon-disclosure agreements (NDAs) are concluded and confirmed at multiple points in time. At the time of joining, a written pledge is submitted; at the time of department transfer, it is re-confirmed according to the new scope of handling. At the time of resignation, the continuing obligation of confidentiality even after leaving is confirmed in writing. 
Provisions regarding personal information protection are also established in employment rules, and by clearly stating disciplinary action for violations, the deterrent effect is heightened.\n::\n\n::heading\n[委託]{いたく:outsourcing:N1}[先]{さき:destination:N5}の[選定]{せんてい:selection:N3}[基準]{きじゅん:criteria:N1}\n\n#en\nContractor selection criteria\n::\n\n::para\n[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[取扱い]{とりあつかい:handling:N1}を[外部]{がいぶ:external:N3}に[委託]{いたく:outsource:N1}する[場合]{ばあい:case:N3}、[委託]{いたく:outsourcing:N1}[元]{もと:original:N4}は[委託]{いたく:outsourcing:N1}[先]{さき:destination:N5}に[対する]{たいする:regarding:N3}[監督]{かんとく:supervision:N1}[責任]{せきにん:responsibility:N3}を[負い]{おい:bear:N3}ます（[法]{ほう:law:N3}[第]{だい:number:N1}25[条]{じょう:article:N1}）。[選定]{せんてい:selection:N3}[基準]{きじゅん:criteria:N1}として、[委託]{いたく:outsourcing:N1}[先]{さき:destination:N5}の[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}の[水準]{すいじゅん:standard:N2}、[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}の[実績]{じっせき:track record:N2}、[財務]{ざいむ:financial:N3}[状況]{じょうきょう:status:N2}などを[事前]{じぜん:in advance:N4}に[評価]{ひょうか:evaluate:N1}します。プライバシーマークやISMS[認証]{にんしょう:certification:N1}の[取得]{しゅとく:acquisition:N3}[状況]{じょうきょう:status:N2}も[判断]{はんだん:judgment:N3}[材料]{ざいりょう:material:N2}となります。\n\n#en\nWhen outsourcing the handling of personal information to an external party, the outsourcer bears supervisory responsibility over the contractor (Article 25). As selection criteria, the contractor's level of safety management measures, track record of personal information protection, and financial status are evaluated in advance. 
Whether they have obtained the Privacy Mark or ISMS certification also serves as judgment material.\n::\n\n::heading\n[委託]{いたく:outsourcing:N1}[契約]{けいやく:contract:N1}の[必須]{ひっす:mandatory:N1}[条項]{じょうこう:clause:N1}と[実態]{じったい:actual situation:N1}[把握]{はあく:grasp:N1}\n\n#en\nMandatory contract clauses and grasping actual conditions\n::\n\n::para\n[委託]{いたく:outsourcing:N1}[契約]{けいやく:contract:N1}には[以下]{いか:following:N4}の[事項]{じこう:matters:N1}を[盛り込み]{もりこみ:incorporate:N1}ます。[秘密]{ひみつ:secret:N1}[保持]{ほじ:maintenance:N1}[義務]{ぎむ:obligation:N1}、[目的]{もくてき:purpose:N4}[外]{がい:outside:N5}[利用]{りよう:use:N3}の[禁止]{きんし:prohibition:N2}、[再]{さい:again:N2}[委託]{いたく:outsourcing:N1}の[制限]{せいげん:restriction:N3}（[事前]{じぜん:advance:N4}[承認]{しょうにん:approval:N2}[制]{せい:system:N3}）、[事故]{じこ:incident:N1}[発生]{はっせい:occurrence:N4}[時]{じ:time:N5}の[速やか]{すみやか:prompt:N3}な[報告]{ほうこく:report:N3}[義務]{ぎむ:obligation:N1}、[委託]{いたく:outsourcing:N1}[元]{もと:original:N4}による[監査]{かんさ:audit:N1}[権]{けん:right:N3}の[確保]{かくほ:securing:N1}、[契約]{けいやく:contract:N1}[終了]{しゅうりょう:termination:N2}[時]{じ:time:N5}の[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[返却]{へんきゃく:return:N1}・[廃棄]{はいき:disposal:N1}[義務]{ぎむ:obligation:N1}です。[契約]{けいやく:contract:N1}[締結]{ていけつ:conclusion:N1}[後]{ご:after:N5}も、[定期]{ていき:regular:N3}[報告]{ほうこく:report:N3}の[徴求]{ちょうきゅう:request:N1}、[立入]{たちいり:on-site:N4}[調査]{ちょうさ:investigation:N2}、[監査]{かんさ:audit:N1}の[実施]{じっし:conduct:N1}により[実態]{じったい:actual situation:N1}を[把握]{はあく:grasp:N1}します。\n\n#en\nThe outsourcing contract incorporates the following matters: confidentiality obligations, prohibition of use beyond the stated purpose, restrictions on subcontracting (advance approval system), obligation for prompt reporting when incidents occur, securing audit rights for the outsourcer, and the obligation to return or dispose of personal information at contract termination. 
Even after the contract is concluded, the actual situation is grasped through requesting periodic reports, on-site investigations, and conducting audits.\n::\n\n::heading\n[再]{さい:again:N2}[委託]{いたく:outsourcing:N1}の[管理]{かんり:management:N2}\n\n#en\nManaging subcontracting\n::\n\n::para\n[再]{さい:again:N2}[委託]{いたく:outsourcing:N1}については、[元]{もと:original:N4}の[委託者]{いたくしゃ:outsourcer:N1}の[許諾]{きょだく:permission:N1}が[必要]{ひつよう:necessary:N3}です。[再]{さい:again:N2}[委託]{いたく:outsourcing:N1}[先]{さき:destination:N5}に[対して]{たいして:regarding:N3}も、[委託]{いたく:outsourcing:N1}[先]{さき:destination:N5}と[同等]{どうとう:equivalent:N3}の[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}を[求め]{もとめ:require:N3}なければなりません。[再]{さい:again:N2}[委託]{いたく:outsourcing:N1}の[連鎖]{れんさ:chain:N1}（[再]{さい:again:N2}[々]{さい:repeated}[委託]{いたく:outsourcing:N1}）が[発生]{はっせい:occur:N4}する[場合]{ばあい:case:N3}もあり、[元]{もと:original:N4}の[委託者]{いたくしゃ:outsourcer:N1}が[最終的]{さいしゅうてき:ultimately:N3}な[監督]{かんとく:supervision:N1}[責任]{せきにん:responsibility:N3}を[負う]{おう:bear:N3}[点]{てん:point:N3}に[注意]{ちゅうい:attention:N4}が[必要]{ひつよう:necessary:N3}です。\n\n#en\nRegarding subcontracting, permission from the original outsourcer is required. The subcontractor must also be required to implement safety management measures equivalent to those of the contractor. 
Chains of subcontracting (sub-sub-contracting) can also occur, and it is important to note that the original outsourcer bears ultimate supervisory responsibility.\n::\n\n::heading\n[事故]{じこ:incident:N1}[対応]{たいおう:response:N1}フロー\n\n#en\nIncident response flow\n::\n\n::para\n[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[漏洩]{ろうえい:leakage:N1}[等]{とう:etc.:N3}の[事故]{じこ:incident:N1}が[発生]{はっせい:occur:N4}した[場合]{ばあい:case:N3}の[対応]{たいおう:response:N1}フローは[以下]{いか:following:N4}のとおりです。まず[発見者]{はっけんしゃ:discoverer:N4}が[速やか]{すみやか:promptly:N3}に[責任者]{せきにんしゃ:person in charge:N3}へ[報告]{ほうこく:report:N3}します。[次]{つぎ:next:N3}に[初動]{しょどう:initial:N3}[対応]{たいおう:response:N1}として、[被害]{ひがい:damage:N2}[拡大]{かくだい:expansion:N1}の[防止]{ぼうし:prevention:N2}と[証拠]{しょうこ:evidence:N1}[保全]{ほぜん:preservation:N1}を[行い]{おこない:carry out:N5}ます。その[後]{ご:after:N5}、[原因]{げんいん:cause:N3}[究明]{きゅうめい:investigation:N4}を[行い]{おこない:carry out:N5}、[影響]{えいきょう:impact:N1}[範囲]{はんい:scope:N1}を[確認]{かくにん:confirm:N3}します。[再発]{さいはつ:recurrence:N2}[防止策]{ぼうしさく:preventive measures:N1}を[策定]{さくてい:formulate:N1}し、[本人]{ほんにん:the person:N5}への[通知]{つうち:notification:N4}と[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}（PPC）への[報告]{ほうこく:report:N3}を[行い]{おこない:carry out:N5}ます。\n\n#en\nThe response flow when a personal information leakage incident occurs is as follows. First, the discoverer promptly reports to the person in charge. Next, as an initial response, prevention of damage expansion and evidence preservation are carried out. After that, cause investigation is conducted and the scope of impact is confirmed. 
Recurrence prevention measures are formulated, and notification to the individual and reporting to the Personal Information Protection Commission (PPC) are carried out.\n::\n\n::heading\n[法]{ほう:law:N3}[第]{だい:number:N1}26[条]{じょう:article:N1}：[報告]{ほうこく:report:N3}[義務]{ぎむ:obligation:N1}のある[事案]{じあん:incident:N1}\n\n#en\nArticle 26: incidents requiring mandatory reporting\n::\n\n::para\n2022[年]{ねん:year:N5}4[月]{がつ:month:N5}[施行]{しこう:enforcement:N1}の[改正]{かいせい:amended:N2}[法]{ほう:law:N3}[第]{だい:number:N1}26[条]{じょう:article:N1}により、[一定]{いってい:certain:N3}の[要件]{ようけん:requirements:N3}に[該当]{がいとう:applicable:N1}する[漏洩]{ろうえい:leakage:N1}[等]{とう:etc.:N3}が[発生]{はっせい:occur:N4}した[場合]{ばあい:case:N3}は、PPC への[報告]{ほうこく:report:N3}と[本人]{ほんにん:the person:N5}への[通知]{つうち:notification:N4}が[義務]{ぎむ:obligation:N1}とされました。[報告]{ほうこく:report:N3}[義務]{ぎむ:obligation:N1}のある[事案]{じあん:incident:N1}の[判断]{はんだん:judgment:N3}[基準]{きじゅん:criteria:N1}は、[要配慮]{ようはいりょ:requiring special care:N1}[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}の[漏洩]{ろうえい:leakage:N1}、[不正]{ふせい:unauthorized:N4}に[利用]{りよう:use:N3}されることで[財産的]{ざいさんてき:property-related:N3}[被害]{ひがい:damage:N2}が[生じる]{しょうじる:arise:N5}おそれがある[漏洩]{ろうえい:leakage:N1}、[不正]{ふせい:unauthorized:N4}の[目的]{もくてき:purpose:N4}をもって[行われた]{おこなわれた:carried out:N5}おそれがある[漏洩]{ろうえい:leakage:N1}、1,000[人]{にん:person:N5}を[超える]{こえる:exceed:N2}[漏洩]{ろうえい:leakage:N1}です。[報告]{ほうこく:report:N3}は[速報]{そくほう:preliminary report:N3}（[事態]{じたい:situation:N1}[発覚]{はっかく:discovery:N3}から[概ね]{おおむね:roughly:N1}3～5[日]{にち:day:N5}[以内]{いない:within:N3}）と[確報]{かくほう:definitive report:N3}（30[日]{にち:day:N5}[以内]{いない:within:N3}、[不正]{ふせい:unauthorized:N4}[目的]{もくてき:purpose:N4}の[場合]{ばあい:case:N3}は60[日]{にち:day:N5}[以内]{いない:within:N3}）の2[段階]{だんかい:stage:N2}です。\n\n#en\nUnder Article 26 of the amended law enforced in April 2022, reporting to PPC and notification to the individual became mandatory when certain qualifying leaks occur. 
The criteria for incidents requiring reporting are: leakage of specially-care-required personal information, leakage that may cause property damage through unauthorized use, leakage suspected of being carried out for unauthorized purposes, and leakage exceeding 1,000 persons. Reporting is in two stages: a preliminary report (roughly within 3-5 days of discovery) and a definitive report (within 30 days; within 60 days for cases of unauthorized purpose).\n::\n\n::heading\n[苦情]{くじょう:complaint:N3}[対応]{たいおう:handling:N1}とフォローアップ\n\n#en\nComplaint handling and follow-up\n::\n\n::para\n[苦情]{くじょう:complaint:N3}[対応]{たいおう:handling:N1}については、[受付]{うけつけ:reception:N3}[窓口]{まどぐち:contact point:N3}を[明確]{めいかく:clearly:N3}に[設置]{せっち:establish:N2}し、[苦情]{くじょう:complaint:N3}の[内容]{ないよう:content:N3}、[対応]{たいおう:response:N1}[経過]{けいか:progress:N3}、[結果]{けっか:result:N1}を[記録]{きろく:record:N2}します。[誠実]{せいじつ:sincere:N1}かつ[迅速]{じんそく:swift:N1}な[対応]{たいおう:response:N1}が[求められ]{もとめられ:required:N3}、[対応]{たいおう:response:N1}[後]{ご:after:N5}のフォローアップ（[本人]{ほんにん:the person:N5}への[結果]{けっか:result:N1}[連絡]{れんらく:communication:N2}、[再発]{さいはつ:recurrence:N2}[防止]{ぼうし:prevention:N2}の[確認]{かくにん:confirmation:N3}）も[重要]{じゅうよう:important:N3}です。[苦情]{くじょう:complaint:N3}[記録]{きろく:record:N2}は[蓄積]{ちくせき:accumulate:N1}し、[傾向]{けいこう:trend:N2}[分析]{ぶんせき:analysis:N1}を[行う]{おこなう:carry out:N5}ことで、[組織]{そしき:organization:N1}の[弱点]{じゃくてん:weakness:N2}を[改善]{かいぜん:improve:N1}する[材料]{ざいりょう:material:N2}とします。\n\n#en\nFor complaint handling, a reception contact point is clearly established, and the content of complaints, response progress, and results are recorded. Sincere and swift responses are required, and follow-up after responses (communicating results to the individual, confirming recurrence prevention) is also important. 
Complaint records are accumulated and trend analysis is performed, using them as material for improving organizational weaknesses.\n::\n",{"id":194,"title":200,"titleEn":201,"topicPath":202,"questions":203},"第２編 組織的・人的セキュリティ 確認テスト","Chapter 2: Organizational & Human Security — Practice Test","software\u002Fkojin-joho-hogo\u002Fkadai-2\u002Fhen-02-soshikiteki-jinteki",[204,232,256,280,303,326,350,374,397,421,445,470,493],{"id":205,"articleId":206,"question":207,"options":210,"correctLabel":212,"explanation":227,"tags":230},"kjh-k2-h02-q01","kjh-k2-h02-soshiki-kiso",{"en":208,"jp":209},"Among the four risk treatment methods, what is it called when you stop the activity that causes the risk entirely?","リスク[対策]{たいさく:countermeasure}の4[手法]{しゅほう:methods}のうち、リスクの[原因]{げんいん:cause}となる[活動]{かつどう:activity}[自体]{じたい:itself}を[取]{と:take}りやめることを[何]{なに:what}というか。",[211,215,219,223],{"label":212,"jp":213,"en":214},"ア","リスク[回避]{かいひ:avoidance}","Risk avoidance",{"label":216,"jp":217,"en":218},"イ","リスク[低減]{ていげん:reduction}","Risk reduction",{"label":220,"jp":221,"en":222},"ウ","リスク[移転]{いてん:transfer}","Risk transfer",{"label":224,"jp":225,"en":226},"エ","リスク[受容]{じゅよう:acceptance}","Risk acceptance",{"en":228,"jp":229},"Risk avoidance means discontinuing the activity that causes the risk. Reduction lowers the probability or impact through security measures. Transfer shifts the risk to others via insurance or outsourcing. 
Acceptance means tolerating the risk as-is.","リスク[回避]{かいひ:avoidance}は、リスクの[原因]{げんいん:cause}となる[活動]{かつどう:activity}そのものを[中止]{ちゅうし:discontinue}する[方法]{ほうほう:method}。[低減]{ていげん:reduction}はセキュリティ[対策]{たいさく:countermeasure}で[発生]{はっせい:occurrence}[確率]{かくりつ:probability}や[影響]{えいきょう:impact}を[下]{さ:lower}げること、[移転]{いてん:transfer}は[保険]{ほけん:insurance}や[外部]{がいぶ:external}[委託]{いたく:outsourcing}でリスクを[他者]{たしゃ:others}に[移]{うつ:transfer}すこと、[受容]{じゅよう:acceptance}はリスクをそのまま[受]{う:accept}け[入]{い:accept}れることである。",[231],"risk-management",{"id":233,"articleId":234,"question":235,"options":238,"correctLabel":220,"explanation":251,"tags":254},"kjh-k2-h02-q02","kjh-k1-h04-anzen-kanri",{"en":236,"jp":237},"Which of the following is NOT included in the organizational safety management measures under the Personal Information Protection Act guidelines?","[個人情報]{こじんじょうほう:personal information}[保護法]{ほごほう:protection law}ガイドラインにおける[組織的]{そしきてき:organizational}[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}に[含]{ふく:include}まれないものはどれか。",[239,242,245,248],{"label":212,"jp":240,"en":241},"[組織]{そしき:organization}[体制]{たいせい:structure}の[整備]{せいび:establishment}","Establishment of organizational structure",{"label":216,"jp":243,"en":244},"[個人]{こじん:personal}データの[取扱]{とりあつかい:handling}いに[係]{かか:related}る[規律]{きりつ:rules}の[整備]{せいび:establishment}","Establishment of rules for handling personal data",{"label":220,"jp":246,"en":247},"[従業者]{じゅうぎょうしゃ:employee}に対する[教育]{きょういく:education}・[訓練]{くんれん:training}の[実施]{じっし:implementation}","Implementation of education and training for employees",{"label":224,"jp":249,"en":250},"[取扱]{とりあつかい:handling}[状況]{じょうきょう:status}を[確認]{かくにん:confirm}する[手段]{しゅだん:means}の[整備]{せいび:establishment}","Establishment of means to confirm handling status",{"en":252,"jp":253},"Organizational safety management measures consist of 5 items: (1) organizational structure, (2) rules for handling, (3) means to confirm handling status, (4) incident response structure, and (5) review of handling status and safety measures. 
Education and training for employees falls under \"human safety management measures.\"","[組織的]{そしきてき:organizational}[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}は、(1)[組織]{そしき:organization}[体制]{たいせい:structure}の[整備]{せいび:establishment}、(2)[規律]{きりつ:rules}の[整備]{せいび:establishment}、(3)[取扱]{とりあつかい:handling}[状況]{じょうきょう:status}の[確認]{かくにん:confirmation}[手段]{しゅだん:means}、(4)[漏]{ろう:leak}えい[事案]{じあん:incident}への[対応]{たいおう:response}[体制]{たいせい:structure}、(5)[取扱]{とりあつかい:handling}[状況]{じょうきょう:status}の[把握]{はあく:grasp}・[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}の[見直]{みなお:review}しの5[項目]{こうもく:items}。[従業者]{じゅうぎょうしゃ:employee}への[教育]{きょういく:education}・[訓練]{くんれん:training}は「[人的]{じんてき:human}[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}」に[該当]{がいとう:applicable}する。",[255],"organizational-measures",{"id":257,"articleId":234,"question":258,"options":261,"correctLabel":220,"explanation":274,"tags":277},"kjh-k2-h02-q03",{"en":259,"jp":260},"Which of the following correctly defines \"employee\" (juugyousha) under the Personal Information Protection Act?","[個人情報]{こじんじょうほう:personal information}[保護法]{ほごほう:protection law}における「[従業者]{じゅうぎょうしゃ:employee}」の[定義]{ていぎ:definition}として[正]{ただ:correct}しいものはどれか。",[262,265,268,271],{"label":212,"jp":263,"en":264},"[正]{せい:regular}[社員]{しゃいん:employee}のみを[指]{さ:refer to}す","Refers only to regular (full-time) employees",{"label":216,"jp":266,"en":267},"[正]{せい:regular}[社員]{しゃいん:employee}および[契約]{けいやく:contract}[社員]{しゃいん:employee}のみを[指]{さ:refer to}す","Refers only to regular and contract employees",{"label":220,"jp":269,"en":270},"[雇用]{こよう:employment}[関係]{かんけい:relationship}にある[従業員]{じゅうぎょういん:employee}のほか、[取締役]{とりしまりやく:director}、[派遣]{はけん:dispatch}[社員]{しゃいん:worker}[等]{とう:etc.}も[含]{ふく:include}む","Includes employees in an employment relationship, as well as directors, dispatched workers, etc.",{"label":224,"jp":272,"en":273},"[業務]{ぎょうむ:business}[委託先]{いたくさき:outsourcing partner}の[社員]{しゃいん:employee}も[含]{ふく:include}む","Also includes employees of outsourcing 
partners",{"en":275,"jp":276},"\"Employee\" under the Act includes all persons working under the command of the business operator: regular employees, directors, executive officers, trustees, auditors, dispatched workers, etc. However, employees of outsourcing partners are NOT included.","[個人情報]{こじんじょうほう:personal information}[保護法]{ほごほう:protection law}の「[従業者]{じゅうぎょうしゃ:employee}」は、[雇用]{こよう:employment}[関係]{かんけい:relationship}にある[従業員]{じゅうぎょういん:employee}だけでなく、[取締役]{とりしまりやく:director}、[執行役]{しっこうやく:executive officer}、[理事]{りじ:trustee}、[監査役]{かんさやく:auditor}、[派遣]{はけん:dispatch}[社員]{しゃいん:worker}[等]{とう:etc.}、[事業者]{じぎょうしゃ:business operator}の[指揮]{しき:command}[命令]{めいれい:order}の[下]{もと:under}で[業務]{ぎょうむ:business}に[従事]{じゅうじ:engage}する[者]{もの:person}すべてを[含]{ふく:include}む。ただし、[委託先]{いたくさき:outsourcing partner}の[社員]{しゃいん:employee}は[含]{ふく:include}まない。",[278,279],"human-measures","employee-definition",{"id":281,"articleId":6,"question":282,"options":285,"correctLabel":224,"explanation":298,"tags":301},"kjh-k2-h02-q04",{"en":283,"jp":284},"Which of the following is NOT included in the three elements of outsourcing partner supervision?","[委託先]{いたくさき:outsourcing partner}の[監督]{かんとく:supervision}における3[要素]{ようそ:elements}に[含]{ふく:include}まれないものはどれか。",[286,289,292,295],{"label":212,"jp":287,"en":288},"[適切]{てきせつ:appropriate}な[委託先]{いたくさき:outsourcing partner}の[選定]{せんてい:selection}","Appropriate selection of the outsourcing partner",{"label":216,"jp":290,"en":291},"[委託]{いたく:outsourcing}[契約]{けいやく:contract}の[締結]{ていけつ:conclusion}","Conclusion of an outsourcing contract",{"label":220,"jp":293,"en":294},"[委託先]{いたくさき:outsourcing partner}における[取扱]{とりあつかい:handling}[状況]{じょうきょう:status}の[把握]{はあく:grasp}","Monitoring the handling status at the outsourcing partner",{"label":224,"jp":296,"en":297},"[委託先]{いたくさき:outsourcing partner}[社員]{しゃいん:employee}への[直接]{ちょくせつ:direct}[指揮]{しき:command}[命令]{めいれい:order}","Direct command and control of the outsourcing partner's employees",{"en":299,"jp":300},"The three elements of outsourcing partner 
supervision are: (1) appropriate selection, (2) conclusion of a contract, and (3) monitoring handling status. Directly commanding the outsourcing partner's employees could constitute disguised contracting (gisou ukeoi) and is not part of proper supervision.","[委託先]{いたくさき:outsourcing partner}[監督]{かんとく:supervision}の3[要素]{ようそ:elements}は、(1)[適切]{てきせつ:appropriate}な[委託先]{いたくさき:outsourcing partner}の[選定]{せんてい:selection}、(2)[委託]{いたく:outsourcing}[契約]{けいやく:contract}の[締結]{ていけつ:conclusion}、(3)[委託先]{いたくさき:outsourcing partner}における[取扱]{とりあつかい:handling}[状況]{じょうきょう:status}の[把握]{はあく:grasp}。[委託先]{いたくさき:outsourcing partner}[社員]{しゃいん:employee}への[直接]{ちょくせつ:direct}[指揮]{しき:command}[命令]{めいれい:order}は[偽装]{ぎそう:fake}[請負]{うけおい:contracting}に[該当]{がいとう:applicable}する[恐]{おそ:fear}れがあり、[監督]{かんとく:supervision}の[要素]{ようそ:element}ではない。",[302],"outsourcing-supervision",{"id":304,"articleId":6,"question":305,"options":308,"correctLabel":224,"explanation":321,"tags":324},"kjh-k2-h02-q05",{"en":306,"jp":307},"What should be done FIRST when a personal data breach occurs?","[個人]{こじん:personal}データの[漏]{ろう:leak}えい[等]{とう:etc.}が[発生]{はっせい:occur}した[場合]{ばあい:case}の[対応]{たいおう:response}フローとして[最初]{さいしょ:first}に[行]{おこな:perform}うべきことはどれか。",[309,312,315,318],{"label":212,"jp":310,"en":311},"[個人情報]{こじんじょうほう:personal information}[保護]{ほご:protection}[委員会]{いいんかい:commission}への[報告]{ほうこく:report}","Reporting to the Personal Information Protection Commission",{"label":216,"jp":313,"en":314},"[本人]{ほんにん:the individual}への[通知]{つうち:notification}","Notifying the individual",{"label":220,"jp":316,"en":317},"[事実]{じじつ:fact}[関係]{かんけい:relationship}の[調査]{ちょうさ:investigation}および[原因]{げんいん:cause}の[究明]{きゅうめい:investigation}","Investigation of the facts and root cause analysis",{"label":224,"jp":319,"en":320},"[事業者]{じぎょうしゃ:business operator}[内部]{ないぶ:internal}における[報告]{ほうこく:report}および[被害]{ひがい:damage}[拡大]{かくだい:expansion}[防止]{ぼうし:prevention}","Internal reporting and prevention of further damage",{"en":322,"jp":323},"The breach response flow is: (1) internal 
reporting and damage containment, (2) fact-finding and root cause analysis, (3) scope identification, (4) recurrence prevention, and (5) reporting to the PPC and notifying the individual. Internal reporting and containment come first.","[漏]{ろう:leak}えい[等]{とう:etc.}[発生]{はっせい:occurrence}[時]{じ:time}のフローは、まず(1)[事業者]{じぎょうしゃ:business operator}[内部]{ないぶ:internal}での[報告]{ほうこく:report}・[被害]{ひがい:damage}[拡大]{かくだい:expansion}[防止]{ぼうし:prevention}、(2)[事実]{じじつ:fact}[関係]{かんけい:relationship}の[調査]{ちょうさ:investigation}・[原因]{げんいん:cause}[究明]{きゅうめい:investigation}、(3)[影響]{えいきょう:impact}[範囲]{はんい:scope}の[特定]{とくてい:identification}、(4)[再発]{さいはつ:recurrence}[防止策]{ぼうしさく:prevention measures}、(5)[個人情報]{こじんじょうほう:personal information}[保護]{ほご:protection}[委員会]{いいんかい:commission}への[報告]{ほうこく:report}・[本人]{ほんにん:the individual}への[通知]{つうち:notification}の[順]{じゅん:order}で[行]{おこな:perform}う。",[325],"incident-response",{"id":327,"articleId":6,"question":328,"options":331,"correctLabel":212,"explanation":344,"tags":347},"kjh-k2-h02-q06",{"en":329,"jp":330},"In establishing the organizational structure, which position oversees the entire personal information protection system of the business operator?","[組織]{そしき:organizational}[体制]{たいせい:structure}の[整備]{せいび:establishment}において、[事業者]{じぎょうしゃ:business operator}[全体]{ぜんたい:overall}の[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[体制]{たいせい:system}を[統括]{とうかつ:oversee}する[役職]{やくしょく:position}はどれか。",[332,335,338,341],{"label":212,"jp":333,"en":334},"CPO（Chief Privacy Officer）","CPO (Chief Privacy Officer)",{"label":216,"jp":336,"en":337},"[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[監査]{かんさ:audit}[責任者]{せきにんしゃ:officer}","Personal Information Protection Audit Officer",{"label":220,"jp":339,"en":340},"[部門]{ぶもん:division}[長]{ちょう:manager}","Division Manager",{"label":224,"jp":342,"en":343},"[取扱]{とりあつかい:handling}[担当者]{たんとうしゃ:staff}","Handling Staff",{"en":345,"jp":346},"The CPO (Chief Privacy Officer) sits at the top and oversees the entire organization's personal 
information protection system. The audit officer conducts audits from a position independent of the CPO. Division managers supervise at the field level, and handling staff are the workers who actually handle personal data.","CPO（Chief Privacy Officer）は[最]{もっと:most}[上位]{じょうい:top}に[配置]{はいち:placed}され、[組織]{そしき:organization}[全体]{ぜんたい:entire}の[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[体制]{たいせい:system}を[統括]{とうかつ:oversee}する。[監査]{かんさ:audit}[責任者]{せきにんしゃ:officer}はCPOから[独立]{どくりつ:independent}した[立場]{たちば:position}で[監査]{かんさ:audit}を[行う]{おこなう:perform}。[部門]{ぶもん:division}[長]{ちょう:manager}は[現場]{げんば:field}[レベル]{レベル:level}での[監督]{かんとく:supervision}、[取扱]{とりあつかい:handling}[担当者]{たんとうしゃ:staff}は[実際]{じっさい:actual}に[個人]{こじん:personal}データを[扱う]{あつかう:handle}[者]{もの:persons}である。",[348,349],"organizational-structure","CPO",{"id":351,"articleId":6,"question":352,"options":355,"correctLabel":224,"explanation":368,"tags":371},"kjh-k2-h02-q07",{"en":353,"jp":354},"Which of the following is NOT a triggering condition for the leakage reporting obligation under Article 26 of the amended Personal Information Protection Act?","[改正]{かいせい:amended}[個人]{こじん:personal}[情報]{じょうほう:information}[保護法]{ほごほう:Protection Act}[第]{だい:Article}26[条]{じょう:article}における[漏]{ろう:leak}えい[等]{とう:etc.}[報告]{ほうこく:report}[義務]{ぎむ:obligation}の[対象]{たいしょう:subject}[要件]{ようけん:requirement}に[該当]{がいとう:applicable}しないものはどれか。",[356,359,362,365],{"label":212,"jp":357,"en":358},"[要]{よう:requiring}[配慮]{はいりょ:consideration}[個人]{こじん:personal}[情報]{じょうほう:information}の[漏]{ろう:leak}えい","Leakage of specially-care-required personal information",{"label":216,"jp":360,"en":361},"[不正]{ふせい:unauthorized}[利用]{りよう:use}による[財産的]{ざいさんてき:property}[被害]{ひがい:damage}の[恐]{おそ:fear}れがある[漏]{ろう:leak}えい","Leakage that may cause property damage through unauthorized use",{"label":220,"jp":363,"en":364},"[不正]{ふせい:unauthorized}な[目的]{もくてき:purpose}による[恐]{おそ:fear}れがある[漏]{ろう:leak}えい","Leakage suspected of being for unauthorized 
purposes",{"label":224,"jp":366,"en":367},"100[人]{にん:persons}を[超]{こ:exceed}える[漏]{ろう:leak}えい","Leakage exceeding 100 individuals",{"en":369,"jp":370},"The numerical threshold is \"leakage exceeding 1,000 persons,\" not 100. The other three are all conditions that mandate reporting to the PPC and notifying the individual. Reporting is in two stages: preliminary report (within 3-5 days of discovery) and definitive report (within 30 days; 60 days for unauthorized-purpose cases).","[数]{かず:numerical}[的]{てき:-ical}[要件]{ようけん:requirement}は「1,000[人]{にん:persons}を[超]{こ:exceed}える[漏]{ろう:leak}えい」であり、100[人]{にん:persons}ではない。[他]{ほか:other}の3つはすべてPPCへの[報告]{ほうこく:report}・[本人]{ほんにん:individual}[通知]{つうち:notification}が[義務]{ぎむ:mandatory}づけられる[要件]{ようけん:condition}。[報告]{ほうこく:report}は[速報]{そくほう:preliminary report}（[発見]{はっけん:discovery}から3〜5[日]{にち:days}[以内]{いない:within}）と[確報]{かくほう:definitive report}（30[日]{にち:days}[以内]{いない:within}、[不正]{ふせい:unauthorized}[目的]{もくてき:purpose}は60[日]{にち:days}）の2[段階]{だんかい:stages}で[行う]{おこなう:made}。",[372,373],"breach-reporting","article-26",{"id":375,"articleId":6,"question":376,"options":379,"correctLabel":224,"explanation":392,"tags":395},"kjh-k2-h02-q08",{"en":377,"jp":378},"Which of the following is NOT an appropriate point in time to conclude or confirm a non-disclosure agreement (NDA)?","[秘密]{ひみつ:secret}[保持]{ほじ:maintenance}[契約]{けいやく:contract}（NDA）の[締結]{ていけつ:conclusion}[時]{じ:time}[点]{てん:point}として[適切]{てきせつ:appropriate}でないものはどれか。",[380,383,386,389],{"label":212,"jp":381,"en":382},"[入社]{にゅうしゃ:joining the company}[時]{じ:time}に[誓約書]{せいやくしょ:pledge}を[提出]{ていしゅつ:submit}させる","Submitting a pledge upon joining the company",{"label":216,"jp":384,"en":385},"[部署]{ぶしょ:department}[異動]{いどう:transfer}[時]{じ:time}に[再度]{さいど:again}[確認]{かくにん:confirm}する","Re-confirming upon department transfer",{"label":220,"jp":387,"en":388},"[退職]{たいしょく:resignation}[時]{じ:time}に[退職]{たいしょく:after leaving}[後]{ご:after}も[継続]{けいぞく:continuing}する[守秘]{しゅひ:confidentiality}[義務]{ぎむ:obligation}を[書面]{しょめん:in 
writing}で[確認]{かくにん:confirm}する","Confirming the continuing post-resignation confidentiality obligation in writing at resignation",{"label":224,"jp":390,"en":391},"[採用]{さいよう:hiring}[面接]{めんせつ:interview}の[段階]{だんかい:stage}で[応募者]{おうぼしゃ:applicant}[全員]{ぜんいん:all}に[締結]{ていけつ:conclude}させる","Requiring all applicants to sign at the recruitment interview stage",{"en":393,"jp":394},"NDAs are concluded and confirmed at three points: joining, department transfer, and resignation. At the recruitment interview stage, no employment relationship exists yet, so it would lack effectiveness. Provisions should also be in employment rules, with disciplinary actions for violations clearly stated.","NDAは[入社]{にゅうしゃ:joining}[時]{じ:time}・[部署]{ぶしょ:department}[異動]{いどう:transfer}[時]{じ:time}・[退職]{たいしょく:resignation}[時]{じ:time}の3つの[時点]{じてん:points in time}で[締結]{ていけつ:concluded}・[確認]{かくにん:confirmed}する。[採用]{さいよう:recruitment}[面接]{めんせつ:interview}[段階]{だんかい:stage}では[雇用]{こよう:employment}[関係]{かんけい:relationship}が[成立]{せいりつ:established}しておらず[実効性]{じっこうせい:effectiveness}に[乏しい]{とぼしい:lacking}。[就業]{しゅうぎょう:employment}[規則]{きそく:rules}にも[規定]{きてい:provisions}を[設け]{もうけ:establish}、[違反]{いはん:violation}[時]{じ:case}の[懲戒]{ちょうかい:disciplinary}[処分]{しょぶん:action}を[明記]{めいき:state}する。",[396,97],"NDA",{"id":398,"articleId":6,"question":399,"options":402,"correctLabel":216,"explanation":415,"tags":418},"kjh-k2-h02-q09",{"en":400,"jp":401},"Which of the following correctly describes internal audits?","[内部]{ないぶ:internal}[監査]{かんさ:audit}についての[説明]{せつめい:explanation}として[正]{ただ:correct}しいものはどれか。",[403,406,409,412],{"label":212,"jp":404,"en":405},"[監査]{かんさ:audit}は[被]{ひ:audited}[監査]{かんさ:audit}[部門]{ぶもん:department}と[同]{おな:same}じ[部門]{ぶもん:department}が[実施]{じっし:conduct}する","Audits are conducted by the same department as the audited department",{"label":216,"jp":407,"en":408},"PDCAサイクルの「Check」と「Act」に[該当]{がいとう:correspond}し、[年]{ねん:year}に1[回]{かい:time}[以上]{いじょう:or more}[実施]{じっし:conduct}するのが[望]{のぞ:desirable}ましい","Corresponds to \"Check\" and \"Act\" in the PDCA cycle and 
is desirable to conduct at least once per year",{"label":220,"jp":410,"en":411},"[監査]{かんさ:audit}[結果]{けっか:results}は[機密]{きみつ:confidential}[性]{せい:-ity}[保持]{ほじ:maintenance}のため[経営]{けいえい:management}[層]{そう:level}には[報告]{ほうこく:report}しない","Audit results are not reported to management for confidentiality reasons",{"label":224,"jp":413,"en":414},"[外部]{がいぶ:external}[環境]{かんきょう:environment}の[変化]{へんか:change}は[監査]{かんさ:audit}や[見直し]{みなおし:review}には[影響]{えいきょう:influence}しない","External environment changes do not affect audits or reviews",{"en":416,"jp":417},"Internal audits correspond to \"Check\" and \"Act\" in PDCA and are desirably conducted at least once a year. Audits must be conducted objectively from an independent position (audit officer independent of the CPO). Results are reported to management, with corrective measures taken. Reviews are conducted in response to legal amendments and new threats.","[内部]{ないぶ:internal}[監査]{かんさ:audit}はPDCAの「Check（[点検]{てんけん:check}）」「Act（[改善]{かいぜん:improvement}）」に[該当]{がいとう:corresponds}し、[年]{ねん:year}1[回]{かい:time}[以上]{いじょう:or more}が[望]{のぞ:desired}ましい。[監査]{かんさ:audit}は[独立]{どくりつ:independent}した[立場]{たちば:position}（CPOから[独立]{どくりつ:independent}した[監査]{かんさ:audit}[責任者]{せきにんしゃ:officer}）から[客観的]{きゃっかんてき:objectively}に[行う]{おこなう:conducted}必要があり、[結果]{けっか:results}は[経営]{けいえい:management}[層]{そう:level}に[報告]{ほうこく:report}し[是正]{ぜせい:corrective}[措置]{そち:measures}を[講]{こう:take}じる。[法令]{ほうれい:legal}[改正]{かいせい:amendments}や[新た]{あらた:new}な[脅威]{きょうい:threats}に[応]{おう:in response to}じて[見直]{みなお:review}しを[行う]{おこなう:conducted}。",[419,420],"internal-audit","PDCA",{"id":422,"articleId":206,"question":423,"options":426,"correctLabel":216,"explanation":439,"tags":442},"kjh-k2-h02-q10",{"en":424,"jp":425},"In the hierarchical document structure for personal information protection, which document is at the highest level?","[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}に[関]{かん:related}する[規程]{きてい:regulation}[文書]{ぶんしょ:documents}の[階層]{かいそう:hierarchy}[構造]{こうぞう:structure}において、[最上位]{さいじょうい:highest 
level}に[位置]{いち:positioned}するのはどれか。",[427,430,433,436],{"label":212,"jp":428,"en":429},"[実施]{じっし:implementation}[手順書]{てじゅんしょ:procedure manual}・マニュアル","Implementation procedure manuals",{"label":216,"jp":431,"en":432},"[基本]{きほん:basic}[方針]{ほうしん:policy}（プライバシーポリシー）","Basic policy (privacy policy)",{"label":220,"jp":434,"en":435},"[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[規程]{きてい:regulation}（[管理]{かんり:management}[規程]{きてい:regulation}）","Personal information protection regulations (management regulations)",{"label":224,"jp":437,"en":438},"[様式]{ようしき:forms}・[記録]{きろく:records}（[申請書]{しんせいしょ:application forms}・[台帳]{だいちょう:ledgers}）","Forms and records (application forms, ledgers)",{"en":440,"jp":441},"The document system has 4 tiers: highest = basic policy (privacy policy); second = protection regulations; third = implementation procedure manuals; fourth = forms and records. Higher-level documents show organizational intent; lower-level documents stipulate concrete operations.","[文書]{ぶんしょ:document}[体系]{たいけい:system}は4[層]{そう:tiers}：[最上位]{さいじょうい:highest}＝[基本]{きほん:basic}[方針]{ほうしん:policy}（プライバシーポリシー）、[第二]{だいに:second}[層]{そう:layer}＝[保護]{ほご:protection}[規程]{きてい:regulation}、[第三]{だいさん:third}[層]{そう:layer}＝[実施]{じっし:implementation}[手順書]{てじゅんしょ:procedure manual}、[第四]{だいよん:fourth}[層]{そう:layer}＝[様式]{ようしき:forms}・[記録]{きろく:records}。[上位]{じょうい:higher}[文書]{ぶんしょ:documents}は[組織]{そしき:organization}の[意思]{いし:intent}を[示し]{しめし:show}、[下位]{かい:lower}[文書]{ぶんしょ:documents}は[具体的]{ぐたいてき:concrete}な[運用]{うんよう:operation}を[規定]{きてい:stipulate}する。",[443,444],"policy-hierarchy","privacy-policy",{"id":446,"articleId":206,"question":447,"options":450,"correctLabel":216,"explanation":463,"tags":466},"kjh-k2-h02-q11",{"en":448,"jp":449},"Which is the correct formula for calculating ALE (Annual Loss Expectancy) in quantitative risk analysis?","[定量的]{ていりょうてき:quantitative}リスク[分析]{ぶんせき:analysis}における ALE（Annual Loss 
Expectancy）の[計算]{けいさん:calculation}[式]{しき:formula}として[正]{ただ:correct}しいものはどれか。",[451,454,457,460],{"label":212,"jp":452,"en":453},"ALE ＝ [脅威]{きょうい:threat} × [脆弱性]{ぜいじゃくせい:vulnerability}","ALE = Threat x Vulnerability",{"label":216,"jp":455,"en":456},"ALE ＝ SLE × ARO","ALE = SLE x ARO",{"label":220,"jp":458,"en":459},"ALE ＝ [資産]{しさん:asset}[価値]{かち:value} ÷ [発生]{はっせい:occurrence}[頻度]{ひんど:frequency}","ALE = Asset Value \u002F Occurrence Frequency",{"label":224,"jp":461,"en":462},"ALE ＝ [被害]{ひがい:damage}[額]{がく:amount} ＋ [対策]{たいさく:countermeasure}[費用]{ひよう:cost}","ALE = Damage Amount + Countermeasure Cost",{"en":464,"jp":465},"ALE (Annual Loss Expectancy) = SLE (Single Loss Expectancy) x ARO (Annualized Rate of Occurrence). Example: if a single leak causes 5 million yen damage and occurs 0.1 times\u002Fyear, ALE = 500,000 yen. Qualitative analysis uses level ratings like \"high\u002Fmedium\u002Flow.\"","ALE（Annual Loss Expectancy、[年間]{ねんかん:annual}[予想]{よそう:expected}[損失額]{そんしつがく:loss amount}）＝SLE（Single Loss Expectancy、1[回]{かい:one}[当]{あ:per}たりの[損失額]{そんしつがく:loss amount}）×ARO（Annualized Rate of Occurrence、[年間]{ねんかん:annual}[発生]{はっせい:occurrence}[頻度]{ひんど:frequency}）。[例]{れい:example}：1[回]{かい:one}の[漏]{ろう:leak}えいで500[万]{まん:10,000}[円]{えん:yen}の[被害]{ひがい:damage}が[予想]{よそう:expected}され、[年]{ねん:year}0.1[回]{かい:times}[発生]{はっせい:occur}するなら、ALE＝50[万]{まん:10,000}[円]{えん:yen}。[定性的]{ていせいてき:qualitative}[分析]{ぶんせき:analysis}は「[高]{こう:high}・[中]{ちゅう:medium}・[低]{てい:low}」のレベル[評価]{ひょうか:evaluation}である。",[467,468,469],"risk-analysis","quantitative","ALE",{"id":471,"articleId":6,"question":472,"options":475,"correctLabel":216,"explanation":488,"tags":491},"kjh-k2-h02-q12",{"en":473,"jp":474},"Which of the following may an arrangement constitute when the outsourcer directly commands the outsourcing partner's employees?","[委託先]{いたくさき:outsourcing 
partner}[社員]{しゃいん:employee}を[委託元]{いたくもと:outsourcer}[企業]{きぎょう:company}が[直接]{ちょくせつ:directly}[指揮]{しき:command}[命令]{めいれい:order}した[場合]{ばあい:case}に[該当]{がいとう:applicable}する[恐]{おそ:concern}れがあるものはどれか。",[476,479,482,485],{"label":212,"jp":477,"en":478},"[適法]{てきほう:legal}な[業務]{ぎょうむ:business}[委託]{いたく:outsourcing}","Legal business outsourcing",{"label":216,"jp":480,"en":481},"[偽装]{ぎそう:disguised}[請負]{うけおい:contracting}","Disguised contracting (gisou ukeoi)",{"label":220,"jp":483,"en":484},"[再]{さい:sub-}[委託]{いたく:outsourcing}","Subcontracting",{"label":224,"jp":486,"en":487},"[労働]{ろうどう:labor}[者]{しゃ:worker}[派遣]{はけん:dispatch}","Worker dispatch",{"en":489,"jp":490},"Under a business outsourcing (contracting) agreement, command and control of the outsourcing partner's employees should be performed by the outsourcing partner company. If the outsourcer directly commands them, the actual situation is no different from worker dispatch and may constitute \"disguised contracting\" (gisou ukeoi), which violates the Worker Dispatch Act.","[業務]{ぎょうむ:business}[委託]{いたく:outsourcing}（[請負]{うけおい:contracting}）[契約]{けいやく:contract}では、[委託先]{いたくさき:outsourcing partner}[社員]{しゃいん:employee}への[指揮]{しき:command}[命令]{めいれい:order}は[委託先]{いたくさき:outsourcing partner}[企業]{きぎょう:company}が[行う]{おこなう:perform}べき。[委託元]{いたくもと:outsourcer}が[直接]{ちょくせつ:directly}[指揮]{しき:command}[命令]{めいれい:order}すると[実態]{じったい:reality}は[労働]{ろうどう:labor}[者]{しゃ:worker}[派遣]{はけん:dispatch}と[変]{か:change}わらず、「[偽装]{ぎそう:disguised}[請負]{うけおい:contracting}」に[該当]{がいとう:applicable}する[恐]{おそ:fear}れがあり、[労働]{ろうどう:labor}[者]{しゃ:worker}[派遣法]{はけんほう:Dispatch Act}[違反]{いはん:violation}となる。",[302,492],"gisou-ukeoi",{"id":494,"articleId":6,"question":495,"options":498,"correctLabel":216,"explanation":511,"tags":514},"kjh-k2-h02-q13",{"en":496,"jp":497},"Which is the correct deadline (in principle) for submitting the \"definitive report\" (kakuhou) under the amended Personal Information Protection Act after a 
leak?","[改正]{かいせい:amended}[個人]{こじん:personal}[情報]{じょうほう:information}[保護法]{ほごほう:Protection Act}における[漏]{ろう:leak}えい[時]{じ:time}の「[確報]{かくほう:definitive report}」の[提出]{ていしゅつ:submission}[期限]{きげん:deadline}（[原則]{げんそく:in principle}）として[正]{ただ:correct}しいものはどれか。",[499,502,505,508],{"label":212,"jp":500,"en":501},"[発見]{はっけん:discovery}から3〜5[日]{にち:days}[以内]{いない:within}","Within 3-5 days of discovery",{"label":216,"jp":503,"en":504},"[発見]{はっけん:discovery}から30[日]{にち:days}[以内]{いない:within}","Within 30 days of discovery",{"label":220,"jp":506,"en":507},"[発見]{はっけん:discovery}から60[日]{にち:days}[以内]{いない:within}","Within 60 days of discovery",{"label":224,"jp":509,"en":510},"[発見]{はっけん:discovery}から90[日]{にち:days}[以内]{いない:within}","Within 90 days of discovery",{"en":512,"jp":513},"Reporting to the PPC after a leak is in two stages: preliminary report = within 3-5 days of discovery (outline), definitive report = within 30 days (including cause and recurrence prevention measures). However, for leaks with unauthorized purposes, the deadline is extended to within 60 days.","[漏]{ろう:leak}えい[時]{じ:time}のPPCへの[報告]{ほうこく:report}は2[段階]{だんかい:stages}：[速報]{そくほう:preliminary report}＝[発見]{はっけん:discovery}から3〜5[日]{にち:days}[以内]{いない:within}（[概要]{がいよう:outline}）、[確報]{かくほう:definitive report}＝30[日]{にち:days}[以内]{いない:within}（[原因]{げんいん:cause}・[再発]{さいはつ:recurrence}[防止]{ぼうし:prevention}[策]{さく:measures}まで[含]{ふく:include}む）。ただし[不正]{ふせい:unauthorized}な[目的]{もくてき:purpose}による[漏]{ろう:leak}えいは60[日]{にち:days}[以内]{いない:within}と[期限]{きげん:deadline}が[延長]{えんちょう:extended}される。",[372,515],"kakuhou"]