課題Ⅰ 第11編① マイナンバー法 ― 総則・個人番号・個人番号カード（法1条〜18条の5）

The My Number Act (formal name: Act on the Use of Numbers to Identify Specific Individuals in Administrative Procedures) was enacted to manage information efficiently using individual numbers in three fields — social security, taxation, and disaster countermeasures — aiming to streamline government operations and improve convenience for citizens. This law is positioned as a special law relative to the Act on the Protection of Personal Information, and also aims to prevent the improper use of specific personal information. This article provides exhaustive coverage of Articles 1 through 18-5, which form the exam scope for the Certified Personal Information Protection Specialist exam.

Article 1 is the purpose provision. By utilizing individual numbers, government agencies can swiftly and accurately identify individuals, enabling the optimization of social security benefits and simplification of tax procedures. At the same time, it stipulates that measures must be taken to ensure the proper handling of specific personal information. In other words, balancing efficiency and protection is the foundation of this law.

Article 2 defines key terms. Paragraph 1 broadly defines "individual number," and paragraph 5 provides a detailed definition. An individual number is a 12-digit number derived by converting the resident register code, assigned to every individual with a resident register in Japan (including foreign residents). Paragraph 3 defines the "My Number card" as an IC chip-equipped card displaying the holder's name, address, date of birth, gender, individual number, and photograph.

Article 2, paragraph 8 defines "specific personal information" — personal information that includes an individual number, requiring far stricter protection than ordinary personal information. Even a combination of just a name and individual number qualifies. Paragraph 9 defines "specific personal information files," referring to databases containing individual numbers. Stricter regulations apply than those for "personal information files" under the Personal Information Protection Act.

Article 2, paragraph 10 defines "individual number-related administrative affairs" — tasks requiring entry of individual numbers in notifications/applications, mainly handled by private-sector operators (employers, financial institutions). Paragraph 11 defines "individual number use affairs" — tasks where government agencies process work using individual numbers based on laws (pension eligibility verification, tax levy/collection, etc.). Paragraph 12 defines the "information provision network system," a mechanism for safely querying and providing specific personal information between government agencies.

Article 3 establishes the basic principles. The use of individual numbers must be carried out properly based on law, and the article declares the importance of ensuring citizens' trust regarding the use of individual numbers. The core principle is balancing two values: pursuing administrative streamlining and citizen convenience while giving sufficient consideration to the protection of personal information.

Article 4 prescribes the state's duty to take necessary measures for the proper operation of the individual number system. Article 5 prescribes local government duties, imposing an obligation to ensure proper handling of individual numbers in cooperation with the state. Article 6 sets a "best-effort obligation" for business operators, requiring them to endeavor to cooperate with national and local government policies. Being an "effort obligation," it has weaker legal binding force, but compliance is expected in practice.

Article 7 governs the assignment and notification of individual numbers. The mayor of the municipality assigns an individual number based on the resident register code and notifies the person. Previously, notification was via "notification cards," but these were abolished in May 2020; now notification is via an "individual number notification document." When a resident register is created through a birth registration, a number is automatically assigned. As a rule, the number is unchangeable throughout one's lifetime.

Article 8 governs how individual numbers are generated. The Local Authorities Systems Development Center (J-LIS) converts the resident register code to generate the number. Of the 12 digits, 11 are the main number and the last digit is a check digit for detecting input errors. The flow is: the mayor requests J-LIS to generate a number, then the mayor assigns the J-LIS-generated number to the individual.

Article 9 strictly enumerates the scope of use for individual numbers. First, the "social security" field: pensions (welfare pension and national pension notifications), medical insurance (qualification acquisition/loss notifications), nursing care insurance, employment insurance (insured person qualification notifications), public assistance applications, and child allowance claims.

Second, the "taxation" field: entry on final tax returns, withholding tax slips, and statutory records is mandatory. Third, the "disaster countermeasures" field: used for creating disaster victim registers and paying reconstruction support funds. Local governments can also use numbers for affairs specified by ordinance. Article 9, paragraph 4 establishes a special provision for severe disasters, allowing financial institutions to use individual numbers to verify savings/deposit accounts.

Article 10 restricts re-outsourcing. A party that receives outsourcing of individual number-related or use affairs may only re-outsource with the consigner's consent. The same restriction applies to further levels of re-outsourcing. Unauthorized re-outsourcing is prohibited.

Article 11 requires the party outsourcing individual number affairs to exercise necessary and appropriate supervision over the outsourcing destination to ensure proper management of specific personal information. If a leak occurs at the outsourcing destination, the outsourcing party may also be held responsible.

Article 12 prescribes the duties of individual number use affairs implementers. They must take necessary measures for the appropriate management of individual numbers, including preventing leakage, loss, and damage. This is the legal basis for safety management measures.

Article 13 governs changes to individual numbers. When a number has been leaked and there is a risk of fraudulent use, the individual or their proxy can request the mayor to change it. If approved, the mayor assigns and notifies a new number. The condition is "leakage + risk of fraudulent use" — one cannot change the number simply because they want to.

Article 14 governs requests for provision of individual numbers. An implementer of individual number-related affairs (e.g., an employer) can request a person's My Number, but only when necessary for processing those affairs — for example, preparing withholding tax forms or filing employment insurance notifications. Vague reasons like "for company management" are not permitted.

Article 15 restricts requests for provision. If the situation does not fall under any item of Article 19, no one may ask another person to provide their individual number. In other words, outside the scenarios permitted by Article 19, even asking someone to "tell me your My Number" is prohibited. Article 14 limits "who can request" while Article 15 defines "when requesting is prohibited" — they are two sides of the same coin.

Article 16 mandates identity verification when collecting individual numbers. Verification has two elements: (a) Number verification — confirming the presented number is correct (individual number notification document, copy of resident register, etc.); (b) Identity verification — confirming the holder is the person (driver's license, passport, or other photo ID). A My Number card satisfies both requirements with a single card.

Article 16-2 defines the My Number card and its contents. The front displays name, address, date of birth, gender, and photograph; the back displays the My Number (12 digits). Electronic certificates are stored in the IC chip, enabling online identity verification. Notably, the IC chip does not store sensitive personal information such as tax or pension data.

Articles 16-3 through 16-5 govern card issuance procedures. The mayor issues cards based on resident applications. Identity verification is performed at issuance, and four PINs are set: signature electronic certificate (6-16 alphanumeric characters), user certification (4-digit numeric), card face data input assistance (4-digit numeric), and individual number use (4-digit numeric). J-LIS handles the actual card production.

Article 17 governs electronic certificates. The card has two types. The "signature electronic certificate" proves a document was created by the person — used for e-Tax returns, electronic contracts, etc. It functions like a registered seal (実印) and records name, address, date of birth, and gender. The "user certification electronic certificate" authenticates identity for logging into the Myna Portal, issuing certificates at convenience stores, etc. It functions like a personal seal (認印) and is usable in a wide range of situations.

Article 18 governs the use cases of My Number cards: logging into the Myna Portal, use as a health insurance card (traditional cards abolished December 2024), obtaining copies of resident registers and seal registration certificates at convenience stores, use as a library card, etc. The Public Personal Authentication Service (JPKI) underpins these functions. Note that it is the electronic certificates in the IC chip that are used — not the My Number itself — for private-sector identity verification.

Articles 18-2 through 18-5 govern card management, validity periods, and surrender. Validity is 10 years for adults (18+) and 5 years for minors. Electronic certificate validity is until the 5th birthday after issuance, regardless of age. Surrender obligations arise when the card is lost/damaged or when moving overseas. Article 18-2 establishes the holder's duty of conscientious management, Article 18-3 covers validity periods, Article 18-4 covers card surrender, and Article 18-5 covers other management matters.

With the My Number system, information coordination between government agencies became possible, and citizens benefit from reduced attached documents for various procedures. For the government, income tracking accuracy improves, helping prevent fraudulent benefit receipt and optimize distribution. However, the system's foundation is strictly law-based operation.

Summary of practical points for business operators: When acquiring individual numbers, always state the purpose and perform identity verification (number + identity verification). Store acquired numbers with safety management measures (Article 12), fulfill supervision obligations over outsourcing destinations (Article 11), and promptly dispose of or delete them when the legally prescribed work is complete. Carelessly continuing to store former employees' individual numbers is illegal.