Nurturing a culture of trust
Information security and protection of personal information

Information security

In recent years, there has been a growing risk of information assets being exposed to threats in various aspects in line with the progress of information technology.

The Haseko Group is working on the protection of information assets handled in its businesses and the enhancement of management of such assets, including customer information. We are building awareness of information management, having established the "Haseko Group’s Information Management Regulations" and "Basic Policy for Information Security" on a Group-wide scale and formulated the "Information Handling Guidelines" shared across the Group. We have also set individual management standards according to the respective businesses and contents of information handled by Group companies.

Haseko Livenet, Inc., which is engaged in the operational management of rental housing, handles personal information of residents and prospective residents as well as information assets entrusted by clients. For this reason, we have built an Information Security Management System (ISMS) in all divisions in Tokyo and Osaka. We are utilizing international standard ISO/IEC27001 in the inspection and review of day-to-day information asset management activities, having obtained certification in August 2005.

Protection of personal information

The Haseko Group recognizes the importance of protecting personal information, and has established the Privacy Policy with respect to all companies in the Group as our policy for handling personal information.

In order to clarify the structure of responsibility for the protection of personal information inside all companies in the Group, we have appointed a personal information protection manager and developed internal regulations on personal information, and are educating employees and raising their awareness so that they would comply with such regulations.

We have also established the "Guidelines for Handling Personal Information in Information Systems," which set forth the system requirements and operation rules of information systems that handle personal information, laying down the rules of the administration framework and operation method of systems that fall under the scope.

Furthermore, we execute thoroughgoing management and take various security measures to prevent the loss and leakage of personal information. We conduct internal audits periodically to verify that the series of measures to protect personal information are being implemented without fail, and take corrective action as necessary. In addition, we have undergone PrivacyMark (P-Mark) assessment to have our personal information protection status evaluated objectively by a third party, as a result of which four Group companies have been granted P-Mark.

Rules and regulations on information management