[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article:anzen-kanri":3},{"meta":4,"markdown":390,"quiz":391},{"type":5,"articleId":6,"slug":7,"title":8,"titleEn":9,"category":10,"order":11,"seriesLabel":12,"summary":13,"publishedAt":14,"image":15,"tags":16,"vocabulary":20,"quizId":387,"source":388},"article","kjh-k1-h04-anzen-kanri","anzen-kanri","課題Ⅰ 第４編① 個人データに関する義務 ― 正確性の確保・安全管理措置・漏えい報告","Obligations Regarding Personal Data — Accuracy, Safety Management Measures, and Breach Reporting","kojin-joho-hogo\u002Fkadai-1",1041,"課題Ⅰ 第４編①","Self-contained study article covering Articles 22-26 of Japan's APPI: data accuracy (best-effort), the six categories of safety management measures (guideline 10-1 through 10-6), employee supervision, outsourcing supervision, and the 2022-amended mandatory breach reporting system.","2026-04-26T00:00:00Z","https:\u002F\u002Fimages.yamiyomi.com\u002Fkjh-k1-h04-anzen-kanri.png",[17,18,19],"exam:個人情報保護士","topic:安全管理措置","topic:漏えい報告",[21,26,30,34,38,42,46,50,55,59,63,67,71,75,79,83,87,91,95,99,103,107,111,115,119,123,127,131,135,139,143,147,151,155,159,163,167,171,175,179,183,187,191,195,199,203,207,211,215,219,223,227,231,235,239,243,247,251,255,259,263,267,271,275,279,283,287,291,295,299,303,307,311,315,319,323,327,331,335,339,343,347,351,355,359,363,367,371,375,379,383],{"word":22,"reading":23,"meaning":24,"level":25},"取扱","とりあつかい","handling","N2",{"word":27,"reading":28,"meaning":29,"level":25},"事業者","じぎょうしゃ","business operator",{"word":31,"reading":32,"meaning":33,"level":25},"達成","たっせい","achievement",{"word":35,"reading":36,"meaning":37,"level":25},"範囲","はんい","scope, range",{"word":39,"reading":40,"meaning":41,"level":25},"正確","せいかく","accurate",{"word":43,"reading":44,"meaning":45,"level":25},"最新","さいしん","latest, up-to-date",{"word":47,"reading":48,"meaning":49,"level":25},"保つ","たもつ","to maintain",{"word":51,"reading":52,"meaning":53,"level":54},"当該","とうがい","the relevant","N1",{"word":56,"reading":57,"meaning":58,"level":54},"遅滞","ちたい","delay",{"word":60,"reading":61,"meaning":62,"level":54},"消去","しょうきょ","deletion, erasure",{"word":64,"reading":65,"meaning":66,"level":25},"義務","ぎむ","obligation, duty",{"word":68,"reading":69,"meaning":70,"level":25},"違反","いはん","violation",{"word":72,"reading":73,"meaning":74,"level":54},"罰則","ばっそく","penalty",{"word":76,"reading":77,"meaning":78,"level":54},"措置","そち","measure",{"word":80,"reading":81,"meaning":82,"level":54},"講じる","こうじる","to take (measures)",{"word":84,"reading":85,"meaning":86,"level":54},"類型","るいけい","type, category",{"word":88,"reading":89,"meaning":90,"level":25},"分類","ぶんるい","classification",{"word":92,"reading":93,"meaning":94,"level":25},"組織的","そしきてき","organizational",{"word":96,"reading":97,"meaning":98,"level":54},"人的","じんてき","human, personnel-related",{"word":100,"reading":101,"meaning":102,"level":25},"物理的","ぶつりてき","physical",{"word":104,"reading":105,"meaning":106,"level":25},"技術的","ぎじゅつてき","technical",{"word":108,"reading":109,"meaning":110,"level":25},"体制","たいせい","structure, system",{"word":112,"reading":113,"meaning":114,"level":25},"整備","せいび","maintenance, development",{"word":116,"reading":117,"meaning":118,"level":54},"規程","きてい","rules, regulations",{"word":120,"reading":121,"meaning":122,"level":54},"策定","さくてい","formulation",{"word":124,"reading":125,"meaning":126,"level":25},"点検","てんけん","inspection",{"word":128,"reading":129,"meaning":130,"level":25},"従業者","じゅうぎょうしゃ","employee, worker",{"word":132,"reading":133,"meaning":134,"level":25},"訓練","くんれん","training",{"word":136,"reading":137,"meaning":138,"level":25},"秘密","ひみつ","secrecy, confidentiality",{"word":140,"reading":141,"meaning":142,"level":54},"保持","ほじ","retention, maintaining",{"word":144,"reading":145,"meaning":146,"level":25},"就業","しゅうぎょう","employment",{"word":148,"reading":149,"meaning":150,"level":54},"盛り込む","もりこむ","to include, incorporate",{"word":152,"reading":153,"meaning":154,"level":25},"区域","くいき","area, zone",{"word":156,"reading":157,"meaning":158,"level":25},"機器","きき","equipment, devices",{"word":160,"reading":161,"meaning":162,"level":54},"媒体","ばいたい","media",{"word":164,"reading":165,"meaning":166,"level":25},"盗難","とうなん","theft",{"word":168,"reading":169,"meaning":170,"level":25},"防止","ぼうし","prevention",{"word":172,"reading":173,"meaning":174,"level":54},"制御","せいぎょ","control",{"word":176,"reading":177,"meaning":178,"level":25},"監視","かんし","monitoring",{"word":180,"reading":181,"meaning":182,"level":25},"対策","たいさく","countermeasure",{"word":184,"reading":185,"meaning":186,"level":25},"監督","かんとく","supervision",{"word":188,"reading":189,"meaning":190,"level":25},"派遣","はけん","dispatch, temporary",{"word":192,"reading":193,"meaning":194,"level":54},"取締役","とりしまりやく","director, board member",{"word":196,"reading":197,"meaning":198,"level":54},"委託","いたく","outsourcing, entrustment",{"word":200,"reading":201,"meaning":202,"level":54},"明記","めいき","to clearly state",{"word":204,"reading":205,"meaning":206,"level":25},"定期的","ていきてき","periodically",{"word":208,"reading":209,"meaning":210,"level":54},"漏えい","ろうえい","leakage, data breach",{"word":212,"reading":213,"meaning":214,"level":54},"要配慮","ようはいりょ","requiring special care",{"word":216,"reading":217,"meaning":218,"level":54},"財産的","ざいさんてき","financial, property-related",{"word":220,"reading":221,"meaning":222,"level":25},"被害","ひがい","damage",{"word":224,"reading":225,"meaning":226,"level":54},"速報","そくほう","preliminary report",{"word":228,"reading":229,"meaning":230,"level":54},"確報","かくほう","detailed report",{"word":232,"reading":233,"meaning":234,"level":25},"提出","ていしゅつ","submission",{"word":236,"reading":237,"meaning":238,"level":25},"通知","つうち","notification",{"word":240,"reading":241,"meaning":242,"level":54},"代替","だいたい","alternative",{"word":244,"reading":245,"meaning":246,"level":25},"保護","ほご","protection",{"word":248,"reading":249,"meaning":250,"level":25},"委員会","いいんかい","commission, committee",{"word":252,"reading":253,"meaning":254,"level":54},"勧告","かんこく","recommendation",{"word":256,"reading":257,"meaning":258,"level":25},"命令","めいれい","order, command",{"word":260,"reading":261,"meaning":262,"level":54},"滅失","めっしつ","loss, destruction",{"word":264,"reading":265,"meaning":266,"level":54},"毀損","きそん","damage, impairment",{"word":268,"reading":269,"meaning":270,"level":25},"改正","かいせい","amendment, revision",{"word":272,"reading":273,"meaning":274,"level":54},"格上げ","かくあげ","upgrade, elevation",{"word":276,"reading":277,"meaning":278,"level":54},"選定","せんてい","selection",{"word":280,"reading":281,"meaning":282,"level":54},"締結","ていけつ","conclusion, execution",{"word":284,"reading":285,"meaning":286,"level":54},"再委託","さいいたく","sub-outsourcing",{"word":288,"reading":289,"meaning":290,"level":54},"許諾","きょだく","permission, approval",{"word":292,"reading":293,"meaning":294,"level":54},"帰属","きぞく","attribution, belonging",{"word":296,"reading":297,"meaning":298,"level":54},"監査","かんさ","audit",{"word":300,"reading":301,"meaning":302,"level":54},"徴求","ちょうきゅう","demanding, requesting",{"word":304,"reading":305,"meaning":306,"level":54},"施錠","せじょう","locking",{"word":308,"reading":309,"meaning":310,"level":25},"暗号化","あんごうか","encryption",{"word":312,"reading":313,"meaning":314,"level":25},"廃棄","はいき","disposal",{"word":316,"reading":317,"meaning":318,"level":54},"復元","ふくげん","restoration",{"word":320,"reading":321,"meaning":322,"level":54},"識別","しきべつ","identification",{"word":324,"reading":325,"meaning":326,"level":54},"認証","にんしょう","authentication",{"word":328,"reading":329,"meaning":330,"level":25},"侵入","しんにゅう","intrusion",{"word":332,"reading":333,"meaning":334,"level":54},"検知","けんち","detection",{"word":336,"reading":337,"meaning":338,"level":25},"導入","どうにゅう","introduction, installation",{"word":340,"reading":341,"meaning":342,"level":25},"公表","こうひょう","public announcement",{"word":344,"reading":345,"meaning":346,"level":54},"連鎖","れんさ","chain",{"word":348,"reading":349,"meaning":350,"level":54},"消滅","しょうめつ","extinction, disappearance",{"word":352,"reading":353,"meaning":354,"level":54},"拘束力","こうそくりょく","binding force",{"word":356,"reading":357,"meaning":358,"level":54},"遵守","じゅんしゅ","compliance",{"word":360,"reading":361,"meaning":362,"level":25},"苦情","くじょう","complaint",{"word":364,"reading":365,"meaning":366,"level":25},"規律","きりつ","discipline, rules",{"word":368,"reading":369,"meaning":370,"level":25},"研修","けんしゅう","training, workshop",{"word":372,"reading":373,"meaning":374,"level":54},"留意","りゅうい","attention, heed",{"word":376,"reading":377,"meaning":378,"level":54},"入退室","にゅうたいしつ","entry and exit",{"word":380,"reading":381,"meaning":382,"level":54},"執行役員","しっこうやくいん","executive officer",{"word":384,"reading":385,"meaning":386,"level":54},"監査役","かんさやく","auditor","kjh-k1-h04-quiz",{"name":389},"個人情報保護士試験対策","\n::para\n[個人情報]{こじんじょうほう:personal information:N2}[取扱]{とりあつかい:handling:N1}[事業者]{じぎょうしゃ:business operator:N4}は、[利用]{りよう:use:N3}[目的]{もくてき:purpose:N4}の[達成]{たっせい:achievement:N3}に[必要]{ひつよう:necessary:N3}な[範囲]{はんい:scope, range:N1}[内]{ない:within:N3}において、[個人]{こじん:individual:N2}データを[正確]{せいかく:accurate:N3}かつ[最新]{さいしん:latest, up-to-date:N3}の[内容]{ないよう:content:N3}に[保つ]{たもつ:to maintain:N1}よう[努め]{つとめ:to endeavor:N3}なければならない（[法]{ほう:law:N3}22[条]{じょう:article:N1}[前段]{ぜんだん:first part:N3}）。ここで[重要]{じゅうよう:important:N3}なのは、「[努め]{つとめ:to endeavor:N3}なければならない」という[表現]{ひょうげん:expression:N3}であり、これは[努力]{どりょく:effort:N3}[義務]{ぎむ:obligation:N1}を[意味]{いみ:meaning:N4}する。[努力]{どりょく:effort:N3}[義務]{ぎむ:obligation:N1}とは、[違反]{いはん:violation:N3}しても[直]{ただ:direct:N3}ちに[罰則]{ばっそく:penalty:N1}の[対象]{たいしょう:subject, target:N2}にはならないが、[適切]{てきせつ:appropriate:N3}な[対応]{たいおう:response:N1}が[求め]{もとめ:to require:N3}られるという[性質]{せいしつ:nature:N3}の[義務]{ぎむ:obligation:N1}である。\n\n#en\nA business operator handling personal information must endeavor to keep personal data accurate and up-to-date within the scope necessary to achieve the purpose of use (Article 22, first part). The key point here is the expression \"must endeavor\" — this signifies a best-effort obligation. A best-effort obligation means that a violation does not directly result in penalties, but appropriate action is nonetheless required.\n::\n\n::heading\n[法]{ほう:law:N3}22[条]{じょう:article:N1}：データ[内容]{ないよう:content:N3}の[正確性]{せいかくせい:accuracy:N3}の[確保]{かくほ:assurance:N1}[等]{とう:etc.:N3}\n\n#en\nArticle 22: Ensuring Accuracy of Data Content\n::\n\n::para\nさらに[法]{ほう:law:N3}22[条]{じょう:article:N1}[後段]{こうだん:latter part:N3}では、[利用]{りよう:use:N3}する[必要]{ひつよう:necessity:N3}がなくなった[個人]{こじん:individual:N2}データについて、[遅滞]{ちたい:delay:N1}なく[消去]{しょうきょ:deletion, erasure:N3}するよう[努め]{つとめ:to endeavor:N3}なければならないと[規定]{きてい:provision:N3}している。[注意]{ちゅうい:attention:N4}すべきは、[消去]{しょうきょ:deletion:N3}もまた[努力]{どりょく:effort:N3}[義務]{ぎむ:obligation:N1}であるという[点]{てん:point:N3}である。ガイドラインでは、「[努める]{つとめる:to endeavor:N3}」という[文言]{もんごん:wording:N4}は[法的]{ほうてき:legal:N3}[拘束力]{こうそくりょく:binding force:N1}のある[絶対的]{ぜったいてき:absolute:N3}[義務]{ぎむ:obligation:N1}ではなく、[合理的]{ごうりてき:rational, reasonable:N3}な[範囲]{はんい:scope:N1}で[対応]{たいおう:response:N1}すべきものとされている。なお、[他]{ほか:other:N3}の[法令]{ほうれい:laws and regulations:N2}で[保存]{ほぞん:storage:N1}[期間]{きかん:period:N3}が[定め]{さだめ:to establish:N3}られている[場合]{ばあい:case:N3}は、その[期間]{きかん:period:N3}[中]{ちゅう:during:N5}は[消去]{しょうきょ:deletion:N3}[義務]{ぎむ:obligation:N1}は[発生]{はっせい:occurrence:N4}しない。\n\n#en\nFurthermore, Article 22 (latter part) stipulates that personal data that is no longer needed must be deleted without delay on a best-effort basis. Note that deletion is also a best-effort obligation. The guidelines clarify that the wording \"must endeavor\" is not an absolute legally binding obligation, but rather requires reasonable action within a rational scope. If other laws prescribe a retention period, the deletion obligation does not arise during that period.\n::\n\n::callout\n[試験]{しけん:exam:N4}のポイント：[法]{ほう:law:N3}22[条]{じょう:article:N1}の[正確性]{せいかくせい:accuracy:N3}[確保]{かくほ:assurance:N1}と[消去]{しょうきょ:deletion:N3}はいずれも「[努力]{どりょく:effort:N3}[義務]{ぎむ:obligation:N1}」である。[法]{ほう:law:N3}23[条]{じょう:article:N1}の[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}は「[義務]{ぎむ:obligation:N1}」であるため、この[違い]{ちがい:difference:N3}を[問]{と:to ask:N4}う[問題]{もんだい:question:N4}が[頻出]{ひんしゅつ:frequently appearing:N1}する。「[努め]{つとめ:to endeavor:N3}なければならない」＝[努力]{どりょく:effort:N3}[義務]{ぎむ:obligation:N1}、「[講じ]{こうじ:to take (measures):N2}なければならない」＝[法的]{ほうてき:legal:N3}[義務]{ぎむ:obligation:N1}。\n\n#en\nExam point: Both the accuracy requirement and the deletion requirement under Article 22 are \"best-effort obligations.\" Article 23's safety management measures are a \"legal obligation\" — questions testing this distinction appear frequently. \"Must endeavor\" = best-effort obligation; \"must take measures\" = legal obligation.\n::\n\n::heading\n[法]{ほう:law:N3}23[条]{じょう:article:N1}：[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}\n\n#en\nArticle 23: Safety Management Measures\n::\n\n::para\n[法]{ほう:law:N3}23[条]{じょう:article:N1}は、[個人情報]{こじんじょうほう:personal information:N2}[取扱]{とりあつかい:handling:N1}[事業者]{じぎょうしゃ:business operator:N4}に[対]{たい:against:N3}し、[個人]{こじん:individual:N2}データの[漏]{ろう:leak:N1}えい、[滅失]{めっしつ:loss, destruction:N1}または[毀損]{きそん:damage:N1}の[防止]{ぼうし:prevention:N2}その[他]{た:other:N3}の[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}のために、[必要]{ひつよう:necessary:N3}かつ[適切]{てきせつ:appropriate:N3}な[措置]{そち:measure:N1}を[講じ]{こうじ:to take (measures):N2}なければならないと[定]{さだ:to establish:N3}めている。[法]{ほう:law:N3}22[条]{じょう:article:N1}が[努力]{どりょく:effort:N3}[義務]{ぎむ:obligation:N1}であるのに[対]{たい:against:N3}し、[法]{ほう:law:N3}23[条]{じょう:article:N1}は[法的]{ほうてき:legal:N3}[義務]{ぎむ:obligation:N1}である。[違反]{いはん:violation:N3}した[場合]{ばあい:case:N3}には[個人情報]{こじんじょうほう:personal information:N2}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}から[勧告]{かんこく:recommendation:N1}・[命令]{めいれい:order:N2}の[対象]{たいしょう:subject:N2}となりうる。\n\n#en\nArticle 23 stipulates that business operators handling personal information must take necessary and appropriate measures for safety management to prevent leakage, loss, or damage of personal data. Unlike Article 22 which is a best-effort obligation, Article 23 is a legal obligation. Violations may result in recommendations or orders from the Personal Information Protection Commission.\n::\n\n::heading\n10-1 [基本]{きほん:basic:N1}[方針]{ほうしん:policy:N2}の[策定]{さくてい:formulation:N1}・10-2 [規律]{きりつ:rules:N2}の[整備]{せいび:development:N1}\n\n#en\n10-1 Formulation of Basic Policy & 10-2 Development of Rules\n::\n\n::para\nガイドライン[通則]{つうそく:general rules:N2}[編]{へん:volume:N2}では、[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}の[具体的]{ぐたいてき:specific:N3}な[内容]{ないよう:content:N3}を10-1から10-6に[分]{わ:to divide:N5}けて[規定]{きてい:provision:N3}している。まず10-1として[基本]{きほん:basic:N1}[方針]{ほうしん:policy:N2}の[策定]{さくてい:formulation:N1}がある。これは[義務]{ぎむ:obligation:N1}ではないが、[個人]{こじん:individual:N2}データの[適正]{てきせい:proper:N3}な[取扱]{とりあつかい:handling:N1}いの[確保]{かくほ:assurance:N1}のため、[基本]{きほん:basic:N1}[方針]{ほうしん:policy:N2}を[策定]{さくてい:formulation:N1}することが[重要]{じゅうよう:important:N3}であるとされている。[基本]{きほん:basic:N1}[方針]{ほうしん:policy:N2}には、[事業者]{じぎょうしゃ:business operator:N4}の[名称]{めいしょう:name, title:N1}、[関係]{かんけい:related:N3}[法令]{ほうれい:laws:N2}の[遵守]{じゅんしゅ:compliance:N1}、[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}に[関]{かん:related:N3}する[事項]{じこう:matters:N1}、[苦情]{くじょう:complaint:N3}[処理]{しょり:handling:N3}の[窓口]{まどぐち:counter, contact point:N3}などを[含める]{ふくめる:to include:N2}ことが[望ましい]{のぞましい:desirable:N3}。\n\n#en\nThe General Rules Guidelines specify the concrete contents of safety management measures in sections 10-1 through 10-6. First, section 10-1 covers the formulation of a basic policy. While this is not mandatory, it is considered important for ensuring proper handling of personal data. A basic policy should desirably include the operator's name, compliance with related laws, matters regarding safety management, and a complaints handling contact point.\n::\n\n::para\n10-2では、[個人]{こじん:individual:N2}データの[取扱]{とりあつかい:handling:N1}いに[係]{かか:related:N3}る[規律]{きりつ:discipline, rules:N2}の[整備]{せいび:development:N1}が[求め]{もとめ:to require:N3}られる。[具体的]{ぐたいてき:specifically:N3}には、[取得]{しゅとく:acquisition:N3}、[利用]{りよう:use:N3}、[保存]{ほぞん:storage:N1}、[提供]{ていきょう:provision:N1}、[削除]{さくじょ:deletion:N1}・[廃棄]{はいき:disposal:N1}の[各]{かく:each:N2}[段階]{だんかい:stage:N2}における[取扱]{とりあつかい:handling:N1}[方法]{ほうほう:method:N3}、[責任者]{せきにんしゃ:person in charge:N3}・[担当者]{たんとうしゃ:person responsible:N2}、その[任務]{にんむ:duties:N3}などについて[規程]{きてい:rules, regulations:N3}を[整備]{せいび:development:N1}する[必要]{ひつよう:necessity:N3}がある。\n\n#en\nSection 10-2 requires the development of rules governing the handling of personal data. Specifically, it is necessary to develop regulations covering handling methods at each stage — acquisition, use, storage, provision, and deletion\u002Fdisposal — as well as the responsible persons, persons in charge, and their duties.\n::\n\n::heading\n10-3 [組織的]{そしきてき:organizational:N1}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}\n\n#en\n10-3 Organizational Safety Management Measures\n::\n\n::para\n10-3は[組織的]{そしきてき:organizational:N1}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}であり、5つの[項目]{こうもく:items:N1}から[構成]{こうせい:composition:N3}される。（a）[組織]{そしき:organization:N1}[体制]{たいせい:structure:N3}の[整備]{せいび:development:N1}として、[個人]{こじん:individual:N2}データの[取扱]{とりあつかい:handling:N1}いに[関]{かん:related:N3}する[責任者]{せきにんしゃ:person in charge:N3}の[設置]{せっち:establishment:N2}、[取扱]{とりあつかい:handling:N1}う[従業者]{じゅうぎょうしゃ:employee:N1}の[明確化]{めいかくか:clarification:N3}、[報告]{ほうこく:report:N3}[連絡]{れんらく:communication:N2}[体制]{たいせい:structure:N3}の[整備]{せいび:development:N1}などを[行]{おこな:to carry out:N5}う。（b）[規律]{きりつ:rules:N2}に[従]{したが:to follow:N1}った[運用]{うんよう:operation:N4}として、[個人]{こじん:individual:N2}データの[取扱]{とりあつかい:handling:N1}いの[記録]{きろく:record:N2}や[利用]{りよう:use:N3}[状況]{じょうきょう:situation:N2}の[記録]{きろく:record:N2}を[行]{おこな:to carry out:N5}う。\n\n#en\nSection 10-3 covers organizational safety management measures, consisting of five items. (a) Development of organizational structure: establishing a person responsible for personal data handling, clarifying which employees handle data, and developing reporting and communication systems. (b) Operation in accordance with rules: recording the handling of personal data and logging usage status.\n::\n\n::para\n（c）[取扱]{とりあつかい:handling:N1}[状況]{じょうきょう:situation:N2}を[確認]{かくにん:confirmation:N3}する[手段]{しゅだん:means:N3}の[整備]{せいび:development:N1}として、[個人]{こじん:individual:N2}データの[取扱]{とりあつかい:handling:N1}[状況]{じょうきょう:situation:N2}を[一覧]{いちらん:list, overview:N1}できる[手段]{しゅだん:means:N3}を[整備]{せいび:development:N1}する。（d）[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}[事案]{じあん:incident:N1}に[対応]{たいおう:response:N1}する[体制]{たいせい:structure:N3}の[整備]{せいび:development:N1}として、[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}が[発生]{はっせい:occurrence:N4}した[場合]{ばあい:case:N3}の[対応]{たいおう:response:N1}[手順]{てじゅん:procedure:N2}をあらかじめ[定]{さだ:to establish:N3}める。（e）[取扱]{とりあつかい:handling:N1}[状況]{じょうきょう:situation:N2}の[把握]{はあく:grasp, understanding:N1}および[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}の[見直し]{みなおし:review:N3}として、[定期的]{ていきてき:periodically:N3}に[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}を[評価]{ひょうか:evaluation:N1}し、[必要]{ひつよう:necessary:N3}に[応じ]{おうじ:in response:N1}て[改善]{かいぜん:improvement:N1}する。\n\n#en\n(c) Development of means to verify handling status: developing means to provide an overview of personal data handling status. (d) Development of a system to respond to breach incidents: establishing response procedures in advance in case of leakage. (e) Monitoring handling status and reviewing safety management measures: periodically evaluating safety management measures and improving them as necessary.\n::\n\n::heading\n10-4 [人的]{じんてき:human:N4}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}\n\n#en\n10-4 Human Safety Management Measures\n::\n\n::para\n10-4は[人的]{じんてき:human, personnel-related:N4}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}である。[主]{おも:main:N4}な[内容]{ないよう:content:N3}は[従業者]{じゅうぎょうしゃ:employee:N1}に[対]{たい:toward:N3}する[教育]{きょういく:education:N3}の[実施]{じっし:implementation:N1}である。[個人]{こじん:individual:N2}データの[適正]{てきせい:proper:N3}な[取扱]{とりあつかい:handling:N1}いに[関]{かん:related:N3}する[留意]{りゅうい:attention, heed:N3}[事項]{じこう:matters:N1}について、[従業者]{じゅうぎょうしゃ:employee:N1}に[定期的]{ていきてき:periodically:N3}な[研修]{けんしゅう:training, workshop:N1}や[教育]{きょういく:education:N3}を[実施]{じっし:implementation:N1}しなければならない。また、[秘密]{ひみつ:secrecy:N1}[保持]{ほじ:retention:N1}に[関]{かん:related:N3}する[事項]{じこう:matters:N1}を[就業]{しゅうぎょう:employment:N1}[規則]{きそく:rules:N2}に[盛り込む]{もりこむ:to include, incorporate:N1}ことも[含]{ふく:to include:N2}まれる。\n\n#en\nSection 10-4 covers human safety management measures. The main content is providing education to employees. Regular training and education regarding points to be mindful of in the proper handling of personal data must be carried out. This also includes incorporating confidentiality provisions into employment regulations.\n::\n\n::heading\n10-5 [物理的]{ぶつりてき:physical:N4}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}\n\n#en\n10-5 Physical Safety Management Measures\n::\n\n::para\n10-5は[物理的]{ぶつりてき:physical:N4}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}である。（a）[個人]{こじん:individual:N2}データを[取]{と:to handle:N3}り[扱]{あつか:to handle:N1}う[区域]{くいき:area, zone:N2}の[管理]{かんり:management:N2}：[取扱]{とりあつかい:handling:N1}[区域]{くいき:area:N2}への[入退室]{にゅうたいしつ:entry and exit:N3}[管理]{かんり:management:N2}、[権限]{けんげん:authority:N3}のない[者]{もの:person:N4}の[立]{た:to stand:N4}ち[入り]{いり:entry:N5}[制限]{せいげん:restriction:N3}などを[行]{おこな:to carry out:N5}う。（b）[機器]{きき:equipment:N1}および[電子]{でんし:electronic:N5}[媒体]{ばいたい:media:N1}[等]{とう:etc.:N3}の[盗難]{とうなん:theft:N3}[等]{とう:etc.:N3}の[防止]{ぼうし:prevention:N2}：[個人]{こじん:individual:N2}データを[取]{と:to handle:N3}り[扱]{あつか:to handle:N1}う[機器]{きき:equipment:N1}、[電子]{でんし:electronic:N5}[媒体]{ばいたい:media:N1}[等]{とう:etc.:N3}を[施錠]{せじょう:locking:N1}できる[場所]{ばしょ:place:N3}に[保管]{ほかん:storage:N1}する。\n\n#en\nSection 10-5 covers physical safety management measures. (a) Management of areas where personal data is handled: managing entry and exit to handling areas and restricting access by unauthorized persons. (b) Prevention of theft of equipment and electronic media: storing equipment and electronic media that handle personal data in lockable locations.\n::\n\n::para\n（c）[電子]{でんし:electronic:N5}[媒体]{ばいたい:media:N1}[等]{とう:etc.:N3}を[持ち運ぶ]{もちはこぶ:to carry, transport:N4}[場合]{ばあい:case:N3}の[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}の[防止]{ぼうし:prevention:N2}：[暗号化]{あんごうか:encryption:N3}、パスワード[設定]{せってい:setting:N2}などにより[移送]{いそう:transport:N2}[中]{ちゅう:during:N5}の[安全]{あんぜん:safety:N3}を[確保]{かくほ:to assure:N1}する。（d）[個人]{こじん:individual:N2}データの[削除]{さくじょ:deletion:N1}および[機器]{きき:equipment:N1}、[電子]{でんし:electronic:N5}[媒体]{ばいたい:media:N1}[等]{とう:etc.:N3}の[廃棄]{はいき:disposal:N1}：[個人]{こじん:individual:N2}データが[記録]{きろく:record:N2}された[機器]{きき:equipment:N1}や[媒体]{ばいたい:media:N1}を[廃棄]{はいき:disposal:N1}する[場合]{ばあい:case:N3}は、[復元]{ふくげん:restoration:N2}[不可能]{ふかのう:impossible:N3}な[手段]{しゅだん:means:N3}で[削除]{さくじょ:deletion:N1}・[廃棄]{はいき:disposal:N1}しなければならない。\n\n#en\n(c) Prevention of leakage when transporting electronic media: ensuring safety during transport through encryption, password protection, etc. (d) Deletion of personal data and disposal of equipment\u002Felectronic media: when disposing of equipment or media containing personal data, it must be deleted\u002Fdisposed of using methods that make restoration impossible.\n::\n\n::heading\n10-6 [技術的]{ぎじゅつてき:technical:N2}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}\n\n#en\n10-6 Technical Safety Management Measures\n::\n\n::para\n10-6は[技術的]{ぎじゅつてき:technical:N2}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}である。（a）アクセス[制御]{せいぎょ:control:N3}：[担当者]{たんとうしゃ:person responsible:N2}および[取]{と:to handle:N3}り[扱]{あつか:to handle:N1}う[個人]{こじん:individual:N2}[情報]{じょうほう:information:N3}データベース[等]{とう:etc.:N3}の[範囲]{はんい:scope:N1}を[限定]{げんてい:limitation:N3}する。（b）アクセス[者]{しゃ:person:N4}の[識別]{しきべつ:identification:N3}と[認証]{にんしょう:authentication:N1}：ID・パスワード、[生体]{せいたい:biometric:N4}[認証]{にんしょう:authentication:N1}等により[正当]{せいとう:legitimate:N3}な[利用者]{りようしゃ:user:N3}であることを[確認]{かくにん:confirmation:N3}する。（c）[外部]{がいぶ:external:N3}からの[不正]{ふせい:unauthorized:N4}アクセス[等]{とう:etc.:N3}の[防止]{ぼうし:prevention:N2}：ファイアウォール、[侵入]{しんにゅう:intrusion:N1}[検知]{けんち:detection:N1}システム[等]{とう:etc.:N3}を[導入]{どうにゅう:introduction, installation:N2}する。（d）[情報]{じょうほう:information:N3}システムの[使用]{しよう:use:N4}に[伴]{ともな:to accompany:N1}う[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}の[防止]{ぼうし:prevention:N2}：メール[送信]{そうしん:transmission:N3}[時]{じ:at the time of:N5}の[暗号化]{あんごうか:encryption:N3}や[添付]{てんぷ:attachment:N1}ファイルの[保護]{ほご:protection:N1}を[行]{おこな:to carry out:N5}う。\n\n#en\nSection 10-6 covers technical safety management measures. (a) Access control: limiting the scope of persons in charge and the personal information databases they may access. (b) Identification and authentication of access users: confirming legitimate users through IDs\u002Fpasswords, biometric authentication, etc. (c) Prevention of unauthorized external access: installing firewalls, intrusion detection systems, etc. (d) Prevention of leakage associated with information system use: encrypting emails and protecting file attachments.\n::\n\n::callout\n[試験]{しけん:exam:N4}のポイント：[中小]{ちゅうしょう:small and medium:N5}[規模]{きぼ:scale:N1}[事業者]{じぎょうしゃ:business operator:N4}（[従業員]{じゅうぎょういん:employee:N1}100[人]{にん:people:N5}[以下]{いか:or fewer:N4}）に[対]{たい:toward:N3}しては、ガイドラインで[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}の[軽減]{けいげん:reduction, alleviation:N2}[措置]{そち:measure:N1}が[認め]{みとめ:to permit:N3}られている。[例]{たと:for example:N3}えば、[組織的]{そしきてき:organizational:N1}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}では[代表者]{だいひょうしゃ:representative:N3}が[責任者]{せきにんしゃ:person in charge:N3}を[兼ねる]{かねる:to serve concurrently:N1}ことが[許容]{きょよう:allowance:N3}される。[物理的]{ぶつりてき:physical:N4}[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}では[専用]{せんよう:dedicated, exclusive:N2}の[管理]{かんり:management:N2}[区域]{くいき:area:N2}の[設置]{せっち:establishment:N2}が[困難]{こんなん:difficult:N3}な[場合]{ばあい:case:N3}、[書類]{しょるい:documents:N3}の[施錠]{せじょう:locking:N1}[管理]{かんり:management:N2}で[代替]{だいたい:alternative:N2}できる。[試験]{しけん:exam:N4}では、[中小]{ちゅうしょう:small and medium:N5}[規模]{きぼ:scale:N1}[事業者]{じぎょうしゃ:business operator:N4}に[特有]{とくゆう:unique:N4}の[軽減]{けいげん:reduction:N2}[措置]{そち:measure:N1}が[問]{と:to ask:N4}われることがある。\n\n#en\nExam point: For small-to-medium-scale business operators (100 or fewer employees), the guidelines permit simplified safety management measures. For example, in organizational measures the representative may concurrently serve as the responsible person. In physical measures, if establishing a dedicated management area is difficult, locked document storage may serve as an alternative. The exam may test simplified measures specific to small-to-medium operators.\n::\n\n::heading\n[法]{ほう:law:N3}24[条]{じょう:article:N1}：[従業者]{じゅうぎょうしゃ:employee:N1}の[監督]{かんとく:supervision:N1}\n\n#en\nArticle 24: Employee Supervision\n::\n\n::para\n[法]{ほう:law:N3}24[条]{じょう:article:N1}は、[個人情報]{こじんじょうほう:personal information:N2}[取扱]{とりあつかい:handling:N1}[事業者]{じぎょうしゃ:business operator:N4}に[対]{たい:against:N3}し、[従業者]{じゅうぎょうしゃ:employee:N1}に[個人]{こじん:individual:N2}データを[取]{と:to handle:N3}り[扱]{あつか:to handle:N1}わせるにあたり、[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}が[図]{はか:to plan:N4}られるよう[必要]{ひつよう:necessary:N3}かつ[適切]{てきせつ:appropriate:N3}な[監督]{かんとく:supervision:N1}を[行]{おこな:to carry out:N5}う[義務]{ぎむ:obligation:N1}を[課]{か:to impose:N2}している。ここで「[従業者]{じゅうぎょうしゃ:employee:N1}」とは、[正]{せい:regular:N4}[社員]{しゃいん:company employee:N4}のみならず、[契約]{けいやく:contract:N1}[社員]{しゃいん:employee:N4}、パート、アルバイト、[派遣]{はけん:dispatch, temporary:N1}[社員]{しゃいん:employee:N4}、[取締役]{とりしまりやく:director:N1}、[執行]{しっこう:execution:N1}[役員]{やくいん:officer:N3}、[監査役]{かんさやく:auditor:N1}なども[含]{ふく:to include:N2}む[広い]{ひろい:broad:N4}[概念]{がいねん:concept:N1}である。\n\n#en\nArticle 24 imposes on business operators handling personal information the obligation to carry out necessary and appropriate supervision so that safety management is ensured when having employees handle personal data. Here, \"employee\" is a broad concept that includes not only regular employees but also contract workers, part-timers, temporary staff, dispatched employees, directors, executive officers, and auditors.\n::\n\n::para\n[従業者]{じゅうぎょうしゃ:employee:N1}が[個人]{こじん:individual:N2}データを[漏]{ろう:leak:N1}えいさせた[場合]{ばあい:case:N3}、[事業者]{じぎょうしゃ:business operator:N4}が[監督]{かんとく:supervision:N1}[義務]{ぎむ:obligation:N1}を[果]{は:to fulfill:N3}たしていなければ、その[責任]{せきにん:responsibility:N3}は[事業者]{じぎょうしゃ:business operator:N4}に[帰属]{きぞく:attribution, belonging:N1}する。[具体的]{ぐたいてき:specific:N3}な[監督]{かんとく:supervision:N1}[措置]{そち:measure:N1}としては、[秘密]{ひみつ:secrecy:N1}[保持]{ほじ:retention:N1}[契約]{けいやく:contract:N1}（NDA）の[締結]{ていけつ:conclusion, execution:N1}、[定期的]{ていきてき:periodic:N3}な[研修]{けんしゅう:training:N1}の[実施]{じっし:implementation:N1}、アクセス[権限]{けんげん:authority:N3}の[適切]{てきせつ:appropriate:N3}な[設定]{せってい:setting:N2}・[管理]{かんり:management:N2}などが[挙げ]{あげ:to cite:N1}られる。[退職]{たいしょく:retirement, resignation:N3}[時]{じ:at the time of:N5}においても[秘密]{ひみつ:secrecy:N1}[保持]{ほじ:retention:N1}[義務]{ぎむ:obligation:N1}を[課す]{かす:to impose:N2}ことが[望ましい]{のぞましい:desirable:N3}とされている。\n\n#en\nIf an employee leaks personal data and the business operator has not fulfilled their supervisory obligation, responsibility is attributed to the business operator. Specific supervisory measures include executing non-disclosure agreements (NDAs), conducting periodic training, and appropriately setting and managing access permissions. It is also considered desirable to impose confidentiality obligations even upon resignation or retirement.\n::\n\n::callout\n[試験]{しけん:exam:N4}のポイント：「[従業者]{じゅうぎょうしゃ:employee:N1}」の[範囲]{はんい:scope:N1}は[一般的]{いっぱんてき:general:N2}な「[社員]{しゃいん:employee:N4}」より[広い]{ひろい:broad:N4}。[派遣]{はけん:dispatch:N1}[社員]{しゃいん:employee:N4}や[取締役]{とりしまりやく:director:N1}も[含]{ふく:to include:N2}まれる[点]{てん:point:N3}が[試験]{しけん:exam:N4}で[問]{と:to ask:N4}われやすい。また、[従業者]{じゅうぎょうしゃ:employee:N1}の[行為]{こうい:act:N1}による[漏]{ろう:leak:N1}えいは[事業者]{じぎょうしゃ:business operator:N4}の[責任]{せきにん:responsibility:N3}となることも[重要]{じゅうよう:important:N3}。\n\n#en\nExam point: The scope of \"employee\" is broader than the common sense of \"company employee.\" The fact that dispatched workers and directors are included is frequently tested. Also important: a breach caused by an employee's actions is the business operator's responsibility.\n::\n\n::heading\n[法]{ほう:law:N3}25[条]{じょう:article:N1}：[委託]{いたく:outsourcing:N1}[先]{さき:party:N5}の[監督]{かんとく:supervision:N1}\n\n#en\nArticle 25: Outsourcing Supervision\n::\n\n::para\n[法]{ほう:law:N3}25[条]{じょう:article:N1}は、[個人]{こじん:individual:N2}データの[取扱]{とりあつかい:handling:N1}いの[全部]{ぜんぶ:entirety:N3}または[一部]{いちぶ:part:N3}を[委託]{いたく:outsourcing, entrustment:N1}する[場合]{ばあい:case:N3}、[委託]{いたく:outsourcing:N1}[先]{さき:destination, party:N5}に[対]{たい:toward:N3}し[必要]{ひつよう:necessary:N3}かつ[適切]{てきせつ:appropriate:N3}な[監督]{かんとく:supervision:N1}を[行]{おこな:to carry out:N5}わなければならないと[定]{さだ:to establish:N3}めている。ガイドラインでは、[委託]{いたく:outsourcing:N1}[先]{さき:party:N5}の[監督]{かんとく:supervision:N1}として3つの[重要]{じゅうよう:important:N3}な[措置]{そち:measure:N1}が[示]{しめ:to indicate:N3}されている。\n\n#en\nArticle 25 stipulates that when outsourcing all or part of the handling of personal data, necessary and appropriate supervision of the outsourcing party must be carried out. The guidelines identify three key supervisory measures for outsourcing partners.\n::\n\n::para\n[第]{だい:number:N1}[一]{いち:one:N5}に、[適切]{てきせつ:appropriate:N3}な[委託]{いたく:outsourcing:N1}[先]{さき:party:N5}の[選定]{せんてい:selection:N3}である。[委託]{いたく:outsourcing:N1}[先]{さき:party:N5}が[十分]{じゅうぶん:sufficient:N5}な[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}を[講じ]{こうじ:to take (measures):N2}ているかどうかを[事前]{じぜん:prior, advance:N4}に[確認]{かくにん:confirmation:N3}しなければならない。[第]{だい:number:N1}[二]{に:two:N5}に、[委託]{いたく:outsourcing:N1}[契約]{けいやく:contract:N1}の[締結]{ていけつ:conclusion:N1}である。[契約]{けいやく:contract:N1}には、[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measure:N1}の[内容]{ないよう:content:N3}、[再]{さい:re-:N2}[委託]{いたく:outsourcing:N1}の[制限]{せいげん:restriction:N3}、[事故]{じこ:accident, incident:N1}[発生]{はっせい:occurrence:N4}[時]{じ:at the time of:N5}の[報告]{ほうこく:report:N3}[義務]{ぎむ:obligation:N1}、[契約]{けいやく:contract:N1}[終了]{しゅうりょう:termination:N2}[時]{じ:at the time of:N5}の[個人]{こじん:individual:N2}データの[返還]{へんかん:return:N1}・[消去]{しょうきょ:deletion:N3}などを[盛り込む]{もりこむ:to include:N1}。[第]{だい:number:N1}[三]{さん:three:N5}に、[委託]{いたく:outsourcing:N1}[先]{さき:party:N5}における[個人]{こじん:individual:N2}データの[取扱]{とりあつかい:handling:N1}[状況]{じょうきょう:situation:N2}の[把握]{はあく:grasp, understanding:N1}である。[定期的]{ていきてき:periodically:N3}な[監査]{かんさ:audit:N1}や[報告]{ほうこく:report:N3}[徴求]{ちょうきゅう:demanding, requesting:N1}によって[実態]{じったい:actual conditions:N1}を[把握]{はあく:understanding:N1}する。\n\n#en\nFirst, appropriate selection of the outsourcing party. One must verify in advance whether the outsourcing party has sufficient safety management measures. Second, execution of an outsourcing contract. The contract should include the content of safety management measures, restrictions on sub-outsourcing, reporting obligations in case of incidents, and return\u002Fdeletion of personal data upon contract termination. Third, monitoring the outsourcing party's handling of personal data. Actual conditions are monitored through periodic audits and requesting reports.\n::\n\n::para\n[再]{さい:re-:N2}[委託]{いたく:outsourcing:N1}については、[委託]{いたく:outsourcing:N1}[元]{もと:origin, original:N4}の[許諾]{きょだく:permission, approval:N1}を[得]{え:to obtain:N3}なければならない。[再]{さい:re-:N2}[委託]{いたく:outsourcing:N1}[先]{さき:party:N5}に[対]{たい:toward:N3}しても、[委託]{いたく:outsourcing:N1}[元]{もと:original:N4}は[間接的]{かんせつてき:indirect:N2}に[監督]{かんとく:supervision:N1}[責任]{せきにん:responsibility:N3}を[負]{お:to bear:N3}う。つまり、[委託]{いたく:outsourcing:N1}→[再]{さい:re-:N2}[委託]{いたく:outsourcing:N1}→[再]{さい:re-:N2}[再]{さい:re-:N2}[委託]{いたく:outsourcing:N1}と[連鎖]{れんさ:chain:N1}する[場合]{ばあい:case:N3}でも、[最初]{さいしょ:first:N3}の[委託]{いたく:outsourcing:N1}[元]{もと:original:N4}の[監督]{かんとく:supervision:N1}[義務]{ぎむ:obligation:N1}は[消滅]{しょうめつ:extinction, disappearance:N1}しない。\n\n#en\nRegarding sub-outsourcing, permission from the original outsourcer must be obtained. The original outsourcer bears indirect supervisory responsibility even toward the sub-outsourcing party. In other words, even if the chain extends from outsourcing to sub-outsourcing to sub-sub-outsourcing, the original outsourcer's supervisory obligation does not disappear.\n::\n\n::callout\n[試験]{しけん:exam:N4}のポイント：[委託]{いたく:outsourcing:N1}は[法]{ほう:law:N3}27[条]{じょう:article:N1}5[項]{こう:paragraph:N1}1[号]{ごう:item:N3}により[第三者]{だいさんしゃ:third party:N1}[提供]{ていきょう:provision:N1}には[該当]{がいとう:to correspond, to apply:N1}しない。しかし、[委託]{いたく:outsourcing:N1}[先]{さき:party:N5}が[委託]{いたく:outsourcing:N1}された[業務]{ぎょうむ:business, work:N3}の[範囲]{はんい:scope:N1}を[超え]{こえ:to exceed:N2}て[個人]{こじん:individual:N2}データを[利用]{りよう:use:N3}した[場合]{ばあい:case:N3}は、[委託]{いたく:outsourcing:N1}[先]{さき:party:N5}[自身]{じしん:oneself:N4}が[個人情報]{こじんじょうほう:personal information:N2}[取扱]{とりあつかい:handling:N1}[事業者]{じぎょうしゃ:business operator:N4}として[法的]{ほうてき:legal:N3}[責任]{せきにん:responsibility:N3}を[負]{お:to bear:N3}う。[委託]{いたく:outsourcing:N1}＝[第三者]{だいさんしゃ:third party:N1}[提供]{ていきょう:provision:N1}ではない、という[点]{てん:point:N3}は[頻出]{ひんしゅつ:frequently appearing:N1}。\n\n#en\nExam point: Outsourcing does NOT constitute third-party provision under Article 27, Paragraph 5, Item 1. However, if the outsourcing party uses personal data beyond the scope of the outsourced work, the outsourcing party itself bears legal responsibility as a business operator handling personal information. The point that outsourcing ≠ third-party provision is frequently tested.\n::\n\n::heading\n[法]{ほう:law:N3}26[条]{じょう:article:N1}：[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}の[報告]{ほうこく:report:N3}[等]{とう:etc.:N3}（2022[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}）\n\n#en\nArticle 26: Breach Reporting (2022 Amendment)\n::\n\n::para\n[法]{ほう:law:N3}26[条]{じょう:article:N1}は、[漏]{ろう:leak:N1}えい、[滅失]{めっしつ:loss:N1}または[毀損]{きそん:damage:N1}（[以下]{いか:the following:N4}「[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}」）が[発生]{はっせい:occurrence:N4}し、[個人]{こじん:individual:N2}の[権利]{けんり:rights:N3}[利益]{りえき:interests:N1}を[害]{がい:to harm:N3}するおそれが[大きい]{おおきい:large:N5}[場合]{ばあい:case:N3}に、[個人情報]{こじんじょうほう:personal information:N2}[保護]{ほご:protection:N1}[委員会]{いいんかい:commission:N2}（PPC）への[報告]{ほうこく:report:N3}と[本人]{ほんにん:the individual:N5}への[通知]{つうち:notification:N4}を[義務]{ぎむ:obligation:N1}づけている。2022[年]{ねん:year:N5}4[月]{がつ:month:N5}の[改正]{かいせい:amendment, revision:N2}により、[従来]{じゅうらい:previously:N1}の[努力]{どりょく:effort:N3}[義務]{ぎむ:obligation:N1}から[法的]{ほうてき:legal:N3}[義務]{ぎむ:obligation:N1}に[格上げ]{かくあげ:upgrade:N3}された。これは[試験]{しけん:exam:N4}[頻出]{ひんしゅつ:frequently appearing:N1}の[改正]{かいせい:amendment:N2}[点]{てん:point:N3}である。\n\n#en\nArticle 26 mandates reporting to the Personal Information Protection Commission (PPC) and notification to the affected individual when leakage, loss, or damage (collectively \"leakage, etc.\") occurs and there is a significant risk of harming individual rights and interests. The April 2022 amendment upgraded this from a best-effort obligation to a legal obligation. This is a frequently tested amendment point.\n::\n\n::para\n[報告]{ほうこく:report:N3}[義務]{ぎむ:obligation:N1}が[発生]{はっせい:occurrence:N4}する[要件]{ようけん:requirements:N3}は、[以下]{いか:the following:N4}の4つのいずれかに[該当]{がいとう:to correspond:N1}する[場合]{ばあい:case:N3}である。（1）[要配慮]{ようはいりょ:requiring special care:N1}[個人情報]{こじんじょうほう:personal information:N2}の[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}が[発生]{はっせい:occurrence:N4}し、または[発生]{はっせい:occurrence:N4}したおそれがある[場合]{ばあい:case:N3}。（2）[不正]{ふせい:unauthorized:N4}に[利用]{りよう:use:N3}されることにより[財産的]{ざいさんてき:financial:N3}[被害]{ひがい:damage:N2}が[生じる]{しょうじる:to arise:N5}おそれがある[個人]{こじん:individual:N2}データの[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}。（3）[不正]{ふせい:unauthorized:N4}の[目的]{もくてき:purpose:N4}をもって[行]{おこな:to carry out:N5}われたおそれがある[個人]{こじん:individual:N2}データの[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}（[不正]{ふせい:unauthorized:N4}アクセスを[含]{ふく:to include:N2}む）。（4）[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}した[個人]{こじん:individual:N2}データの[本人]{ほんにん:the individual:N5}の[数]{かず:number:N3}が1,000[人]{にん:people:N5}を[超える]{こえる:to exceed:N2}[場合]{ばあい:case:N3}。\n\n#en\nThe reporting obligation is triggered when any one of the following four conditions is met: (1) Leakage of specially handled personal information (sensitive data) has occurred or is suspected. (2) Leakage of personal data where unauthorized use may cause financial harm. (3) Leakage of personal data that appears to have been carried out with malicious intent (including unauthorized access). (4) The number of affected individuals exceeds 1,000.\n::\n\n::para\n[報告]{ほうこく:report:N3}は[二]{に:two:N5}[段階]{だんかい:stage:N2}で[行]{おこな:to carry out:N5}う。まず[速報]{そくほう:preliminary report:N3}として、[事態]{じたい:situation:N1}を[知]{し:to know:N4}った[日]{ひ:day:N5}から3～5[営業]{えいぎょう:business:N2}[日]{び:day:N5}[以内]{いない:within:N3}にPPCに[速報]{そくほう:preliminary report:N3}を[行]{おこな:to carry out:N5}う。[速報]{そくほう:preliminary report:N3}の[時点]{じてん:point in time:N3}では[全]{すべ:all:N3}ての[事項]{じこう:matters:N1}が[判明]{はんめい:to become clear:N3}していなくても、[把握]{はあく:understanding:N1}している[範囲]{はんい:scope:N1}で[報告]{ほうこく:report:N3}すればよい。[次]{つぎ:next:N3}に[確報]{かくほう:detailed report:N3}として、[事態]{じたい:situation:N1}を[知]{し:to know:N4}った[日]{ひ:day:N5}から30[日]{にち:days:N5}[以内]{いない:within:N3}に[確報]{かくほう:detailed report:N3}を[提出]{ていしゅつ:submission:N1}する。ただし、[上記]{じょうき:above-mentioned:N3}（3）の[不正]{ふせい:unauthorized:N4}の[目的]{もくてき:purpose:N4}によるおそれがある[場合]{ばあい:case:N3}は、[確報]{かくほう:detailed report:N3}の[期限]{きげん:deadline:N3}が60[日]{にち:days:N5}[以内]{いない:within:N3}に[延長]{えんちょう:extension:N2}される。\n\n#en\nReporting is carried out in two stages. First, a preliminary report must be submitted to the PPC within 3-5 business days of becoming aware of the incident. At the preliminary report stage, not all details need to be confirmed — reporting within the scope of what is known is sufficient. Next, a detailed report must be submitted within 30 days of becoming aware of the incident. However, in case (3) — where the breach appears to have been carried out with malicious intent — the detailed report deadline is extended to 60 days.\n::\n\n::para\n[本人]{ほんにん:the individual:N5}への[通知]{つうち:notification:N4}も[義務]{ぎむ:obligation:N1}である。[漏]{ろう:leak:N1}えい[等]{とう:etc.:N3}の[事態]{じたい:situation:N1}が[発生]{はっせい:occurrence:N4}した[場合]{ばあい:case:N3}、[事業者]{じぎょうしゃ:business operator:N4}は[本人]{ほんにん:the individual:N5}に[対]{たい:toward:N3}しても[速]{すみ:swift:N3}やかに[事態]{じたい:situation:N1}の[概要]{がいよう:overview:N1}、[漏]{ろう:leak:N1}えいした[個人]{こじん:individual:N2}データの[項目]{こうもく:items:N1}、[原因]{げんいん:cause:N3}、[二次]{にじ:secondary:N3}[被害]{ひがい:damage:N2}の[防止]{ぼうし:prevention:N2}のための[措置]{そち:measure:N1}などを[通知]{つうち:notification:N4}しなければならない。ただし、[本人]{ほんにん:the individual:N5}への[通知]{つうち:notification:N4}が[困難]{こんなん:difficult:N3}な[場合]{ばあい:case:N3}であって、[本人]{ほんにん:the individual:N5}の[権利]{けんり:rights:N3}[利益]{りえき:interests:N1}を[保護]{ほご:protection:N1}するため[必要]{ひつよう:necessary:N3}な[代替]{だいたい:alternative:N2}[措置]{そち:measure:N1}を[講じる]{こうじる:to take (measures):N2}ときは、[個別]{こべつ:individual:N2}の[通知]{つうち:notification:N4}に[代える]{かえる:to replace:N4}ことができる。[代替]{だいたい:alternative:N2}[措置]{そち:measure:N1}の[例]{れい:example:N3}としては、ホームページでの[公表]{こうひょう:public announcement:N3}や[問い合わせ]{といあわせ:inquiry:N3}[窓口]{まどぐち:contact point:N3}の[設置]{せっち:establishment:N2}がある。\n\n#en\nNotification to the individual is also mandatory. When a breach occurs, the business operator must promptly notify the individual of the outline of the incident, the categories of leaked personal data, the cause, and measures to prevent secondary damage. However, if notification to the individual is difficult and necessary alternative measures are taken to protect the individual's rights and interests, individual notification may be replaced. Examples of alternative measures include publishing on a website and establishing an inquiry contact point.\n::\n\n::callout\n[試験]{しけん:exam:N4}のポイント：「[漏]{ろう:leak:N1}えい」＝[情報]{じょうほう:information:N3}が[外部]{がいぶ:outside:N3}に[流出]{りゅうしゅつ:outflow:N3}すること、「[滅失]{めっしつ:loss:N1}」＝データが[失]{うしな:to lose:N3}われること（[復元]{ふくげん:restoration:N2}[不能]{ふのう:impossible:N3}）、「[毀損]{きそん:damage:N1}」＝データの[内容]{ないよう:content:N3}が[意図]{いと:intention:N4}せず[改変]{かいへん:alteration:N2}されること。この3つの[区別]{くべつ:distinction:N2}は[試験]{しけん:exam:N4}で[問]{と:to ask:N4}われる。また、[速報]{そくほう:preliminary report:N3}は3～5[営業]{えいぎょう:business:N2}[日]{び:day:N5}、[確報]{かくほう:detailed report:N3}は[原則]{げんそく:principle:N2}30[日]{にち:days:N5}（[不正]{ふせい:unauthorized:N4}アクセスは60[日]{にち:days:N5}）という[数字]{すうじ:number:N3}は[必]{かなら:certainly:N3}ず[覚える]{おぼえる:to memorize:N3}こと。2022[年]{ねん:year:N5}[改正]{かいせい:amendment:N2}で[努力]{どりょく:effort:N3}[義務]{ぎむ:obligation:N1}→[法的]{ほうてき:legal:N3}[義務]{ぎむ:obligation:N1}になった[点]{てん:point:N3}も[超]{ちょう:super:N2}[重要]{じゅうよう:important:N3}。\n\n#en\nExam point: \"Leakage\" = information flowing outside; \"loss\" = data being lost (unrecoverable); \"damage\" = data content being unintentionally altered. The exam tests the distinction between these three. Also, memorize the numbers: preliminary report within 3-5 business days, detailed report within 30 days as a rule (60 days for unauthorized access). The 2022 amendment upgrading this from best-effort to legal obligation is also critically important.\n::\n",{"id":387,"title":392,"titleEn":393,"topicPath":394,"questions":395},"第４編 個人データに関する義務 確認テスト","Chapter 4: Obligations Regarding Personal Data — Practice Test","software\u002Fkojin-joho-hogo\u002Fkadai-1\u002Fhen-04-kojin-data-gimu",[396,423,447,472,495,518],{"id":397,"articleId":6,"question":398,"options":401,"correctLabel":411,"explanation":418,"tags":421},"kjh-k1-h04-q01",{"en":399,"jp":400},"Which of the following is NOT one of the four types of safety management measures?","[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}の4[種類]{しゅるい:types}に[該当]{がいとう:applicable}しないものはどれか。",[402,406,410,414],{"label":403,"jp":404,"en":405},"ア","[組織的]{そしきてき:organizational}[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}","Organizational safety management measures",{"label":407,"jp":408,"en":409},"イ","[人的]{じんてき:human}[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}","Human safety management measures",{"label":411,"jp":412,"en":413},"ウ","[財務的]{ざいむてき:financial}[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}","Financial safety management measures",{"label":415,"jp":416,"en":417},"エ","[技術的]{ぎじゅつてき:technical}[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}","Technical safety management measures",{"en":419,"jp":420},"The four types of safety management measures are organizational, human, physical, and technical. \"Financial\" is not included.","[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}は、[組織的]{そしきてき:organizational}、[人的]{じんてき:human}、[物理的]{ぶつりてき:physical}、[技術的]{ぎじゅつてき:technical}の4[種類]{しゅるい:types}である。「[財務的]{ざいむてき:financial}」は[含]{ふく:included}まれない。",[422],"安全管理措置",{"id":424,"articleId":6,"question":425,"options":428,"correctLabel":411,"explanation":441,"tags":444},"kjh-k1-h04-q02",{"en":426,"jp":427},"Which of the following is INCORRECT as a requirement for mandatory breach reporting (Article 26)?","[漏]{ろう:leak}えい[報告]{ほうこく:report}（[法]{ほう:law}[第]{だい:article}26[条]{じょう:article}）が[義務]{ぎむ:obligation}づけられる[要件]{ようけん:requirement}として[誤]{あやま:incorrect}っているものはどれか。",[429,432,435,438],{"label":403,"jp":430,"en":431},"[要]{よう:requiring}[配慮]{はいりょ:consideration}[個人]{こじん:personal}[情報]{じょうほう:information}の[漏]{ろう:leak}えい","Leakage of special care-required personal information",{"label":407,"jp":433,"en":434},"[不正]{ふせい:unauthorized}アクセスによる[漏]{ろう:leak}えいのおそれ","Risk of leakage due to unauthorized access",{"label":411,"jp":436,"en":437},"1[件]{けん:case}でも[漏]{ろう:leak}えいがあれば[必]{かなら:always}ず[報告]{ほうこく:report}が[必要]{ひつよう:necessary}","Reporting is always required even for a single case of leakage",{"label":415,"jp":439,"en":440},"[財産的]{ざいさんてき:financial}[被害]{ひがい:damage}が[生]{しょう:occur}じるおそれがある[漏]{ろう:leak}えい","Leakage where financial damage may occur",{"en":442,"jp":443},"Mandatory breach reporting applies to four categories: leakage of special care-required information, unauthorized access, risk of financial damage, and leakage exceeding 1,000 persons. A single case of leakage does not always trigger reporting obligations.","[漏]{ろう:leak}えい[報告]{ほうこく:report}が[義務]{ぎむ:obligation}づけられるのは、[要]{よう:requiring}[配慮]{はいりょ:consideration}[個人]{こじん:personal}[情報]{じょうほう:information}の[漏]{ろう:leak}えい、[不正]{ふせい:unauthorized}アクセス、[財産的]{ざいさんてき:financial}[被害]{ひがい:damage}のおそれ、1,000[人]{にん:persons}[超]{ちょう:exceeding}の[漏]{ろう:leak}えいの4[類型]{るいけい:types}である。1[件]{けん:case}の[漏]{ろう:leak}えいでも[必]{かなら:always}ず[報告]{ほうこく:report}[義務]{ぎむ:obligation}が[生]{しょう:occur}じるわけではない。",[445,446],"漏えい報告","26条",{"id":448,"articleId":449,"question":450,"options":453,"correctLabel":411,"explanation":466,"tags":469},"kjh-k1-h04-q03","kjh-k1-h04-daisan-sha-teikyou",{"en":451,"jp":452},"Which of the following is NOT an exception allowing third-party provision without the individual's consent?","[第三者]{だいさんしゃ:third party}[提供]{ていきょう:provision}の[例外]{れいがい:exception}（[本人]{ほんにん:individual}の[同意]{どうい:consent}なく[提供]{ていきょう:provision}できる[場合]{ばあい:case}）に[該当]{がいとう:applicable}しないものはどれか。",[454,457,460,463],{"label":403,"jp":455,"en":456},"[法令]{ほうれい:laws}に[基]{もと:based}づく[場合]{ばあい:case}","Cases based on laws and regulations",{"label":407,"jp":458,"en":459},"[委託]{いたく:entrustment}に[伴]{ともな:accompanying}う[提供]{ていきょう:provision}","Provision accompanying entrustment",{"label":411,"jp":461,"en":462},"グループ[会社]{がいしゃ:company}[間]{かん:between}の[情報]{じょうほう:information}[共有]{きょうゆう:sharing}","Information sharing between group companies",{"label":415,"jp":464,"en":465},"[事業]{じぎょう:business}[承継]{しょうけい:succession}に[伴]{ともな:accompanying}う[提供]{ていきょう:provision}","Provision accompanying business succession",{"en":467,"jp":468},"Entrustment, business succession, and joint use are stipulated as cases not constituting third-party provision. Merely being between group companies does not create an exception — the requirements for joint use must be satisfied.","[委託]{いたく:entrustment}、[事業]{じぎょう:business}[承継]{しょうけい:succession}、[共同]{きょうどう:joint}[利用]{りよう:use}は[第三者]{だいさんしゃ:third party}に[該当]{がいとう:applicable}しない[場合]{ばあい:case}として[規定]{きてい:stipulated}されている。グループ[会社]{がいしゃ:company}[間]{かん:between}というだけでは[例外]{れいがい:exception}にならず、[共同]{きょうどう:joint}[利用]{りよう:use}の[要件]{ようけん:requirements}を[満]{み:satisfy}たす[必要]{ひつよう:necessary}がある。",[470,471],"第三者提供","例外",{"id":473,"articleId":449,"question":474,"options":477,"correctLabel":411,"explanation":490,"tags":493},"kjh-k1-h04-q04",{"en":475,"jp":476},"Which of the following is correct about third-party provision through opt-out?","オプトアウトによる[第三者]{だいさんしゃ:third party}[提供]{ていきょう:provision}について[正]{ただ:correct}しいものはどれか。",[478,481,484,487],{"label":403,"jp":479,"en":480},"[要]{よう:requiring}[配慮]{はいりょ:consideration}[個人]{こじん:personal}[情報]{じょうほう:information}もオプトアウトで[提供]{ていきょう:provision}できる","Special care-required personal information can also be provided through opt-out",{"label":407,"jp":482,"en":483},"[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[委員会]{いいんかい:commission}への[届出]{とどけで:notification}は[不要]{ふよう:unnecessary}である","Notification to the PPC is unnecessary",{"label":411,"jp":485,"en":486},"オプトアウトには[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[委員会]{いいんかい:commission}への[届出]{とどけで:notification}が[必要]{ひつよう:necessary}である","Opt-out requires notification to the PPC",{"label":415,"jp":488,"en":489},"[不正]{ふせい:illegally}に[取得]{しゅとく:acquired}した[個人]{こじん:personal}データもオプトアウトで[提供]{ていきょう:provision}できる","Illegally acquired personal data can also be provided through opt-out",{"en":491,"jp":492},"Third-party provision through opt-out requires notification to the PPC. The 2020 amendment prohibited opt-out provision of special care-required information, illegally acquired data, and data obtained through opt-out.","オプトアウトによる[第三者]{だいさんしゃ:third party}[提供]{ていきょう:provision}にはPPCへの[届出]{とどけで:notification}が[必要]{ひつよう:necessary}。2020[年]{ねん:year}[改正]{かいせい:amendment}で、[要]{よう:requiring}[配慮]{はいりょ:consideration}[個人]{こじん:personal}[情報]{じょうほう:information}や[不正]{ふせい:illegally}[取得]{しゅとく:acquired}データ、オプトアウトで[取得]{しゅとく:acquired}したデータはオプトアウト[提供]{ていきょう:provision}が[禁止]{きんし:prohibited}された。",[494],"オプトアウト",{"id":496,"articleId":449,"question":497,"options":500,"correctLabel":407,"explanation":513,"tags":516},"kjh-k1-h04-q05",{"en":498,"jp":499},"Which of the following is correct about joint use?","[共同]{きょうどう:joint}[利用]{りよう:use}について[正]{ただ:correct}しいものはどれか。",[501,504,507,510],{"label":403,"jp":502,"en":503},"[共同]{きょうどう:joint}[利用]{りよう:use}[者]{しゃ:user}の[範囲]{はんい:scope}を[本人]{ほんにん:individual}に[通知]{つうち:notify}する[必要]{ひつよう:necessary}はない","There is no need to notify the individual of the scope of joint users",{"label":407,"jp":505,"en":506},"[共同]{きょうどう:joint}[利用]{りよう:use}[者]{しゃ:user}の[範囲]{はんい:scope}、[利用]{りよう:use}[目的]{もくてき:purpose}、[管理]{かんり:management}[責任者]{せきにんしゃ:responsible person}を[本人]{ほんにん:individual}に[通知]{つうち:notify}または[公表]{こうひょう:publicize}する[必要]{ひつよう:necessary}がある","The scope of joint users, purpose of use, and responsible manager must be notified or publicized to the individual",{"label":411,"jp":508,"en":509},"[共同]{きょうどう:joint}[利用]{りよう:use}はPPCへの[届出]{とどけで:notification}が[必要]{ひつよう:necessary}","Joint use requires notification to the PPC",{"label":415,"jp":511,"en":512},"[共同]{きょうどう:joint}[利用]{りよう:use}では[安全]{あんぜん:safety}[管理]{かんり:management}[措置]{そち:measures}の[義務]{ぎむ:obligation}は[免除]{めんじょ:exempt}される","Joint use exempts the obligation for safety management measures",{"en":514,"jp":515},"Joint use requires notifying or publicizing the scope of joint users, purpose of use, data items, and the name\u002Ftitle of the responsible manager. Notification to the PPC is not required.","[共同]{きょうどう:joint}[利用]{りよう:use}には、[共同]{きょうどう:joint}[利用]{りよう:use}[者]{しゃ:user}の[範囲]{はんい:scope}、[利用]{りよう:use}[目的]{もくてき:purpose}、データ[項目]{こうもく:items}、[管理]{かんり:management}[責任者]{せきにんしゃ:responsible person}の[氏名]{しめい:name}・[名称]{めいしょう:title}を[本人]{ほんにん:individual}に[通知]{つうち:notify}または[公表]{こうひょう:publicize}する[必要]{ひつよう:necessary}がある。PPCへの[届出]{とどけで:notification}は[不要]{ふよう:unnecessary}。",[517],"共同利用",{"id":519,"articleId":520,"question":521,"options":524,"correctLabel":411,"explanation":537,"tags":540},"kjh-k1-h04-q06","kjh-k1-h01-hotaikei",{"en":522,"jp":523},"Which of the following is correct about provision to third parties in foreign countries?","[外国]{がいこく:foreign}にある[第三者]{だいさんしゃ:third party}への[提供]{ていきょう:provision}について[正]{ただ:correct}しいものはどれか。",[525,528,531,534],{"label":403,"jp":526,"en":527},"[本人]{ほんにん:individual}の[同意]{どうい:consent}[取得]{しゅとく:acquisition}[時]{じ:time}に[外国]{がいこく:foreign}の[個人]{こじん:personal}[情報]{じょうほう:information}[保護]{ほご:protection}[制度]{せいど:system}に[関]{かん:related}する[情報]{じょうほう:information}[提供]{ていきょう:provision}は[不要]{ふよう:unnecessary}","Information about the foreign country's personal information protection system is unnecessary when obtaining consent",{"label":407,"jp":529,"en":530},"EU[加盟国]{かめいこく:member states}への[提供]{ていきょう:provision}は[常]{つね:always}に[同意]{どうい:consent}が[必要]{ひつよう:necessary}","Provision to EU member states always requires consent",{"label":411,"jp":532,"en":533},"2020[年]{ねん:year}[改正]{かいせい:amendment}で[本人]{ほんにん:individual}への[情報]{じょうほう:information}[提供]{ていきょう:provision}[義務]{ぎむ:obligation}が[強化]{きょうか:strengthened}された","The 2020 amendment strengthened the obligation to provide information to the individual",{"label":415,"jp":535,"en":536},"[外国]{がいこく:foreign}への[提供]{ていきょう:provision}は[一律]{いちりつ:uniformly}[禁止]{きんし:prohibited}されている","Provision to foreign countries is uniformly prohibited",{"en":538,"jp":539},"The 2020 amendment mandated providing information about the destination country's system when obtaining consent for foreign third-party provision. EU member states and the UK are PPC-approved countries, enabling provision without consent.","2020[年]{ねん:year}[改正]{かいせい:amendment}により、[外国]{がいこく:foreign}[第三者]{だいさんしゃ:third party}[提供]{ていきょう:provision}の[同意]{どうい:consent}[取得]{しゅとく:acquisition}[時]{じ:time}に[移転先]{いてんさき:transfer destination}[国]{くに:country}の[制度]{せいど:system}[情報]{じょうほう:information}[提供]{ていきょう:provision}が[義務化]{ぎむか:mandatory}された。EU[加盟国]{かめいこく:member states}や[英国]{えいこく:UK}はPPCが[認定]{にんてい:approved}した[国]{くに:country}であり、[同意]{どうい:consent}なしでの[提供]{ていきょう:provision}が[可能]{かのう:possible}。",[541],"外国第三者提供"]