In consideration of the importance of the protection of personal data, the KADOKAWA Group works to observe the Act on the Protection of Personal Information and other related laws and regulations and to protect customer privacy. Access control is implemented at service sites that hold personal information, which is stored in encrypted form. We also have a privacy policy for employees.
For information security, we have established the Basic Policies on Information Security to clearly state the following items:
As an information security initiative, we have established KADOKAWA-CSIRT, an organization that communicates information about security incidents and vulnerability information and responds to security-related events. The CSIRT team regularly provides employees with advice about preventing cyberattacks, collects information regarding software vulnerabilities, etc. and conducts operation status surveys and inventory clearance of our websites.
Regarding personal information and data security risks, the KADOKAWA CORPORATION DX Strategic Architect Division is in charge of understanding of risks and actions to address risks as a responsible information security department subordinate to the Risk Management Committee. The Company has also established the Secretariat for Data Management for the promotion of information security management. Additionally, the General Manager for Personal Information Protection is responsible for efforts to ensure safety including discussion and decisions related to basic policies for the handling of acquired information, the effective use of data and whether or not information and data are handled according to relevant laws and regulations and the Privacy Policy. Furthermore, as a computer security-related organization, we participate in the Nippon Computer Security Incident Response Team Association (Nippon CSIRT Association), Japan Computer Emergency Response Team Coordination Center (JPCERT/CC), and Japan cyber-security Information Sharing Platform (JISP; an information sharing platform provided by the National center of Incident readiness and Strategy for Cybersecurity) to collect information and accumulate knowledge about personal information and data security quickly and appropriately.
DWANGO Co., Ltd., which develops a wide spectrum of digital businesses, provides privacy and data security training to recently graduated and mid-career employees when they join the company, and also provides e-learning-based training to all employees. We will work to spread information on the importance of data security by holding e-learning-based training for all Group employees, distributing security manuals, and more.