個人情報の保護に関する法律(平成十五年法律第五十七号)
Act on the Protection of Personal Information(Act No. 57 of 2003)
最終更新:平成十五年法律第百十九号
Last Version: Act No. 119 of 2003
TOC
History
-
▶
-
March 1, 2023
- Last Version: Act No. 37 of 2021
- Translated Date: November 5, 2021
- Dictionary Version: 14.0
-
February 4, 2016
- Last Version: Act No. 49 of 2009
- Translated Date: February 21, 2014
- Dictionary Version: 8.0
-
March 31, 2009
- Last Version: Act No. 119 of 2003
- Translated Date: April 1, 2009
- Dictionary Version: 1.0
個人情報の保護に関する法律
|
Act on the Protection of Personal Information
|
平成十五年五月三十日法律第五十七号
|
Act No. 57 of May 30, 2003
|
第一章 総則
|
Chapter I General Provisions
|
(目的)
|
(Purpose)
|
第一条この法律は、高度情報通信社会の進展に伴い個人情報の利用が著しく拡大していることにかんがみ、個人情報の適正な取扱いに関し、基本理念及び政府による基本方針の作成その他の個人情報の保護に関する施策の基本となる事項を定め、国及び地方公共団体の責務等を明らかにするとともに、個人情報を取り扱う事業者の遵守すべき義務等を定めることにより、個人情報の有用性に配慮しつつ、個人の権利利益を保護することを目的とする。
|
Article 1The purpose of this Act is to protect the rights and interests of individuals while taking consideration of the usefulness of personal information, in view of a remarkable increase in the utilization of personal information due to development of the advanced information and communications society, by clarifying the responsibilities of the State and local governments, etc. with laying down basic principle, establishment of a basic policy by the Government and the matters to serve as a basis for other measures on the protection of personal information, and by prescribing the duties to be observed by entities handling personal information, etc., regarding the proper handling of personal information.
|
(定義)
|
(Definitions)
|
第二条この法律において「個人情報」とは、生存する個人に関する情報であって、当該情報に含まれる氏名、生年月日その他の記述等により特定の個人を識別することができるもの(他の情報と容易に照合することができ、それにより特定の個人を識別することができることとなるものを含む。)をいう。
|
Article 2(1)The term "personal information" as used in this Act shall mean information about a living individual which can identify the specific individual by name, date of birth or other description contained in such information (including such information as will allow easy reference to other information and will thereby enable the identification of the specific individual).
|
一特定の個人情報を電子計算機を用いて検索することができるように体系的に構成したもの
|
(i)an assembly of information systematically arranged in such a way that specific personal information can be retrieved by a computer; or
|
二前号に掲げるもののほか、特定の個人情報を容易に検索することができるように体系的に構成したものとして政令で定めるもの
|
(ii)in addition to what is listed in the preceding item, an assembly of information designated by a Cabinet Order as being systematically arranged in such a way that specific personal information can be easily retrieved.
|
一国の機関
|
(i)The State organs
|
二地方公共団体
|
(ii)Local governments
|
三独立行政法人等(独立行政法人等の保有する個人情報の保護に関する法律(平成十五年法律第五十九号)第二条第一項に規定する独立行政法人等をいう。以下同じ。)
|
(iii)Incorporated administrative agencies, etc. (which means independent administrative agencies as provided in paragraph (1) of Article 2 of the Act on the Protection of Personal Information Held by Incorporated Administrative Agencies, etc. (Act No. 59 of 2003); the same shall apply hereinafter)
|
四地方独立行政法人(地方独立行政法人法(平成十五年法律第百十八号)第二条第一項に規定する地方独立行政法人をいう。以下同じ。)
|
(iv)Local independent administrative institutions (which means local incorporated administrative agencies as provided in paragraph (1) of Article 2 of the Local Incorporated Administrative Agencies Law (Act No. 118 of 2003); the same shall apply hereinafter)
|
五その取り扱う個人情報の量及び利用方法からみて個人の権利利益を害するおそれが少ないものとして政令で定める者
|
(v)Entities specified by a Cabinet Order as having a little likelihood to harm the rights and interests of individuals considering the volume and the manner of utilization of personal information they handle.
|
(5)The term "retained personal data" as used in this Act shall mean such personal data over which a business operator handling personal information has the authority to disclose, to correct, add or delete the content, to discontinue its utilization, to erase, and to discontinue its provision to a third party, excluding the data which is specified by a Cabinet Order as harming public or other interests if its presence or absence is known and the data which will be erased within a period of no longer than one year that is specified by a Cabinet Order.
|
|
(基本理念)
|
(Basic Principle)
|
第三条個人情報は、個人の人格尊重の理念の下に慎重に取り扱われるべきものであることにかんがみ、その適正な取扱いが図られなければならない。
|
Article 3In view of the fact that personal information should be handled cautiously under the philosophy of respecting the personalities of individuals, proper handling of personal information shall be promoted.
|
第二章 国及び地方公共団体の責務等
|
Chapter II Responsibilities of the State and Local governments, etc.
|
(国の責務)
|
(Responsibilities of the State)
|
第四条国は、この法律の趣旨にのっとり、個人情報の適正な取扱いを確保するために必要な施策を総合的に策定し、及びこれを実施する責務を有する。
|
Article 4The State shall be responsible for comprehensively formulating and implementing measures necessary for ensuring the proper handling of personal information in conformity with the purport of this Act.
|
(地方公共団体の責務)
|
(Responsibilities of Local governments)
|
第五条地方公共団体は、この法律の趣旨にのっとり、その地方公共団体の区域の特性に応じて、個人情報の適正な取扱いを確保するために必要な施策を策定し、及びこれを実施する責務を有する。
|
Article 5Local governments shall be responsible for formulating and implementing the measures necessary for ensuring the proper handling of personal information according to the characteristics of their area in conformity with the purport of this Act.
|
(法制上の措置等)
|
(Legislative Measures, etc.)
|
第六条政府は、個人情報の性質及び利用方法にかんがみ、個人の権利利益の一層の保護を図るため特にその適正な取扱いの厳格な実施を確保する必要がある個人情報について、保護のための格別の措置が講じられるよう必要な法制上の措置その他の措置を講ずるものとする。
|
Article 6The Government shall take necessary legislative and other measures to ensure that special measures will be taken for the protection of the personal information which especially needs to be ensured the strict implementation of its proprer handling for the further protection of the rights and interests of individuals in view of the nature and the method of utilization of the personal information.
|
第三章 個人情報の保護に関する施策等
|
Chapter III Measures for the Protection of Personal Information, etc.
|
第一節 個人情報の保護に関する基本方針
|
Section 1 Basic Policy on the Protection of Personal Information
|
一個人情報の保護に関する施策の推進に関する基本的な方向
|
(i)The basic direction concerning the promotion of measures for the protection of personal information
|
二国が講ずべき個人情報の保護のための措置に関する事項
|
(ii)Matters concerning the measures for the protection of personal information to be taken by the State
|
三地方公共団体が講ずべき個人情報の保護のための措置に関する基本的な事項
|
(iii)Basic matters concerning the measures for the protection of personal information to be taken by local governments
|
四独立行政法人等が講ずべき個人情報の保護のための措置に関する基本的な事項
|
(iv)Basic matters concerning the measures for the protection of personal information to be taken by incorporated administrative agencies, etc.
|
五地方独立行政法人が講ずべき個人情報の保護のための措置に関する基本的な事項
|
(v)Basic matters concerning the measures for the protection of personal information to be taken by local incorporated administrative agencies.
|
六個人情報取扱事業者及び第四十条第一項に規定する認定個人情報保護団体が講ずべき個人情報の保護のための措置に関する基本的な事項
|
(vi)Basic matters concerning the measures for the protection of personal information to be taken by entities handling personal information and authorized personal information protection organizations provided in paragraph (1) of Article 40
|
七個人情報の取扱いに関する苦情の円滑な処理に関する事項
|
(vii)Matters concerning the smooth processing of complaints about the handling of personal information
|
八その他個人情報の保護に関する施策の推進に関する重要事項
|
(viii)Other important matters concerning the promotion of measures for the protection of personal information
|
第二節 国の施策
|
Section 2 Measures of the State
|
(地方公共団体等への支援)
|
(Support to Local Governments and Others)
|
第八条国は、地方公共団体が策定し、又は実施する個人情報の保護に関する施策及び国民又は事業者等が個人情報の適正な取扱いの確保に関して行う活動を支援するため、情報の提供、事業者等が講ずべき措置の適切かつ有効な実施を図るための指針の策定その他の必要な措置を講ずるものとする。
|
Article 8In order to support the measures for the protection of personal information formulated or implemented by local governments and the activities performed by citizens, entities, and others to ensure the proper handling of personal information, the State shall provide information, formulate guidelines to ensure the appropriate and effective implementation of measures to be taken by entities and others, and take any other necessary measures.
|
(苦情処理のための措置)
|
(Measures for the Processing of Complaints)
|
第九条国は、個人情報の取扱いに関し事業者と本人との間に生じた苦情の適切かつ迅速な処理を図るために必要な措置を講ずるものとする。
|
Article 9The State shall take necessary measures to ensure the appropriate, prompt processing of complaints arising between a business operator and a person about the handling of personal information concerning the person.
|
(個人情報の適正な取扱いを確保するための措置)
|
(Measures to Ensure Proper Handling of Personal Information)
|
第十条国は、地方公共団体との適切な役割分担を通じ、次章に規定する個人情報取扱事業者による個人情報の適正な取扱いを確保するために必要な措置を講ずるものとする。
|
Article 10Through the appropriate division of roles between the State and local governments, the State shall take necessary measures to ensure the proper handling of personal information by entities handling personal information provided in the next chapter.
|
第三節 地方公共団体の施策
|
Section 3 Measures of Local Governments
|
(地方公共団体等が保有する個人情報の保護)
|
(Protection of Personal Information Held by Local Governments and Others)
|
第十一条地方公共団体は、その保有する個人情報の性質、当該個人情報を保有する目的等を勘案し、その保有する個人情報の適正な取扱いが確保されるよう必要な措置を講ずることに努めなければならない。
|
Article 11(1)A local government shall endeavor to take necessary measures in order to ensure the proper handling of the personal information it holds in consideration of the nature of the personal information, the purpose of holding the personal information concerned, and other factors.
|
(区域内の事業者等への支援)
|
(Support to Entities and Others in the Area)
|
第十二条地方公共団体は、個人情報の適正な取扱いを確保するため、その区域内の事業者及び住民に対する支援に必要な措置を講ずるよう努めなければならない。
|
Article 12In order to ensure the proper handling of personal information, a local government shall endeavor to take necessary measures for supporting entities and residents in its area.
|
(苦情の処理のあっせん等)
|
(Mediation for the Processing of Complaints, etc.)
|
第十三条地方公共団体は、個人情報の取扱いに関し事業者と本人との間に生じた苦情が適切かつ迅速に処理されるようにするため、苦情の処理のあっせんその他必要な措置を講ずるよう努めなければならない。
|
Article 13In order to ensure that any complaint arising between a business operator and a person about the handling of personal information will be handled appropriately and promptly, a local government shall endeavor to mediate the processing of complaints and take other necessary measures.
|
第四節 国及び地方公共団体の協力
|
Section 4 Cooperation between the State and Local governments
|
第四章 個人情報取扱事業者の義務等
|
Chapter IV Duties of Entities Handling Personal Information, etc.
|
第一節 個人情報取扱事業者の義務
|
Section 1 Duties of Entities Handling Personal Information
|
(利用目的の特定)
|
(Specification of the Purpose of Utilization)
|
第十五条個人情報取扱事業者は、個人情報を取り扱うに当たっては、その利用の目的(以下「利用目的」という。)をできる限り特定しなければならない。
|
Article 15(1)When handling personal information, a business operator handling personal information shall specify the purpose of utilization of personal information (hereinafter referred to as "Purpose of Utilization") as much as possible.
|
(利用目的による制限)
|
(Restriction by the Purpose of Utilization)
|
第十六条個人情報取扱事業者は、あらかじめ本人の同意を得ないで、前条の規定により特定された利用目的の達成に必要な範囲を超えて、個人情報を取り扱ってはならない。
|
Article 16(1)A business operator handling personal information shall not handle personal information about a person, without obtaining the prior consent of the person, beyond the scope necessary for the achievement of the Purpose of Utilization specified pursuant to the provision of the preceding article.
|
(2)When a business operator handling personal information has acquired personal information as a result of taking over the business of another business operator handling personal information in a merger or otherwise, the acquiring business operator shall not handle the personal information concerned, without obtaining the prior consent of the persons, beyond the scope necessary for the achievement of the Purpose of Utilization of the personal information concerned before the succession.
|
|
一法令に基づく場合
|
(i)Cases in which the handling of personal information is based on laws and regulations
|
二人の生命、身体又は財産の保護のために必要がある場合であって、本人の同意を得ることが困難であるとき。
|
(ii)Cases in which the handling of personal information is necessary for the protection of the life, body, or property of an individual and in which it is difficult to obtain the consent of the person
|
三公衆衛生の向上又は児童の健全な育成の推進のために特に必要がある場合であって、本人の同意を得ることが困難であるとき。
|
(iii)Cases in which the handling of personal information is specially necessary for improving public health or promoting the sound growth of children and in which it is difficult to obtain the consent of the person
|
四国の機関若しくは地方公共団体又はその委託を受けた者が法令の定める事務を遂行することに対して協力する必要がある場合であって、本人の同意を得ることにより当該事務の遂行に支障を及ぼすおそれがあるとき。
|
(iv)Cases in which the handling of personal information is necessary for cooperating with a state organ, a local government, or an individual or a business operator entrusted by either of the former two in executing the affairs prescribed by laws and regulations and in which obtaining the consent of the person is likely to impede the execution of the affairs concerned
|
(適正な取得)
|
(Proper Acquisition)
|
第十七条個人情報取扱事業者は、偽りその他不正の手段により個人情報を取得してはならない。
|
Article 17A business operator handling personal information shall not acquire personal information by a deception or other wrongful means.
|
(取得に際しての利用目的の通知等)
|
(Notice of the Purpose of Utilization at the Time of Acquisition, etc.)
|
第十八条個人情報取扱事業者は、個人情報を取得した場合は、あらかじめその利用目的を公表している場合を除き、速やかに、その利用目的を、本人に通知し、又は公表しなければならない。
|
Article 18(1)When having acquired personal information, a business operator handling personal information shall, except in cases in which the Purpose of Utilization has already been publicly announced, promptly notify the person of the Purpose of Utilization or publicly announce the Purpose of Utilization.
|
(2)Notwithstanding the provision of the preceding paragraph, when a business operator handling personal information acquires such personal information on a person as is written in a contract or other document (including a record made by an electronic method, a magnetic method, or any other method not recognizable to human senses. hereinafter the same shall apply in this paragraph.) as a result of concluding a contract with the person or acquires such personal information on a person as is written in a document directly from the person, the business operator shall expressly show the Purpose of Utilization in advance.However, this provision shall not apply in cases in which the acquisition of personal information is urgently required for the protection of the life, body, or property of an individual.
|
|
一利用目的を本人に通知し、又は公表することにより本人又は第三者の生命、身体、財産その他の権利利益を害するおそれがある場合
|
(i)Cases in which notifying the person of the Purpose of Utilization or publicly announcing it are likely to harm the life, body, property, or other rights or interests of the person or a third party
|
二利用目的を本人に通知し、又は公表することにより当該個人情報取扱事業者の権利又は正当な利益を害するおそれがある場合
|
(ii)Cases in which notifying the person of the Purpose of Utilization or publicly announcing it are likely to harm the rights or legitimate interests of the business operator handling personal information
|
三国の機関又は地方公共団体が法令の定める事務を遂行することに対して協力する必要がある場合であって、利用目的を本人に通知し、又は公表することにより当該事務の遂行に支障を及ぼすおそれがあるとき。
|
(iii)Cases in which it is necessary to cooperate with a state organ or a local government in executing the affairs prescribed by laws and regulations and in which notifying the person of the Purpose of Utilization or publicly announcing it are likely to impede the execution of the affairs
|
四取得の状況からみて利用目的が明らかであると認められる場合
|
(iv)Cases in which it is considered that the Purpose of Utilization is clear in consideration of the circumstances of the acquisition
|
(データ内容の正確性の確保)
|
(Maintenance of the Accuracy of Data)
|
第十九条個人情報取扱事業者は、利用目的の達成に必要な範囲内において、個人データを正確かつ最新の内容に保つよう努めなければならない。
|
Article 19A business operator handling personal information shall endeavor to maintain personal data accurate and up to date within the scope necessary for the achievement of the Purpose of Utilization.
|
(安全管理措置)
|
(Security Control Measures)
|
第二十条個人情報取扱事業者は、その取り扱う個人データの漏えい、滅失又はき損の防止その他の個人データの安全管理のために必要かつ適切な措置を講じなければならない。
|
Article 20A business operator handling personal information shall take necessary and proper measures for the prevention of leakage, loss, or damage, and for other security control of the personal data.
|
(従業者の監督)
|
(Supervision of Employees)
|
第二十一条個人情報取扱事業者は、その従業者に個人データを取り扱わせるに当たっては、当該個人データの安全管理が図られるよう、当該従業者に対する必要かつ適切な監督を行わなければならない。
|
Article 21When a business operator handling personal information has an employee handle personal data, it shall exercise necessary and appropriate supervision over the employee to ensure the security control of the personal data.
|
(委託先の監督)
|
(Supervision of Trustees)
|
第二十二条個人情報取扱事業者は、個人データの取扱いの全部又は一部を委託する場合は、その取扱いを委託された個人データの安全管理が図られるよう、委託を受けた者に対する必要かつ適切な監督を行わなければならない。
|
Article 22When a business operator handling personal information entrusts an individual or a business operator with the handling of personal data in whole or in part, it shall exercise necessary and appropriate supervision over the trustee to ensure the security control of the entrusted personal data.
|
(第三者提供の制限)
|
(Restriction of Provision to A Third Party)
|
第二十三条個人情報取扱事業者は、次に掲げる場合を除くほか、あらかじめ本人の同意を得ないで、個人データを第三者に提供してはならない。
|
Article 23(1)A business operator handling personal information shall not, except in the following cases, provide personal data to a third party without obtaining the prior consent of the person:
|
一法令に基づく場合
|
(i)Cases in which the provision of personal data is based on laws and regulations
|
二人の生命、身体又は財産の保護のために必要がある場合であって、本人の同意を得ることが困難であるとき。
|
(ii)Cases in which the provision of personal data is necessary for the protection of the life, body, or property of an individual and in which it is difficult to obtain the consent of the person
|
三公衆衛生の向上又は児童の健全な育成の推進のために特に必要がある場合であって、本人の同意を得ることが困難であるとき。
|
(iii)Cases in which the provision of personal data is specially necessary for improving public health or promoting the sound growth of children and in which it is difficult to obtain the consent of the person
|
四国の機関若しくは地方公共団体又はその委託を受けた者が法令の定める事務を遂行することに対して協力する必要がある場合であって、本人の同意を得ることにより当該事務の遂行に支障を及ぼすおそれがあるとき。
|
(iv)Cases in which the provision of personal data is necessary for cooperating with a state organ, a local government, or an individual or a business operator entrusted by one in executing the affairs prescribed by laws and regulations and in which obtaining the consent of the person are likely to impede the execution of the affairs
|
(2)With respect to personal data intended to be provided to a third party, where a business operator handling personal information agrees to discontinue, at the request of a person, the provision of such personal data as will lead to the identification of the person, and where the business operator, in advance, notifies the person of the matters listed in the following items or put those matters in a readily accessible condition for the person, the business operator may, notwithstanding the provision of the preceding paragraph, provide such personal data to a third party:
|
|
一第三者への提供を利用目的とすること。
|
(i)The fact that the provision to a third party is the Purpose of Utilization
|
二第三者に提供される個人データの項目
|
(ii)The items of the personal data to be provided to a third party
|
三第三者への提供の手段又は方法
|
(iii)The means or method of provision to a third party
|
四本人の求めに応じて当該本人が識別される個人データの第三者への提供を停止すること。
|
(iv)The fact that the provision of such personal data as will lead to the identification of the person to a third party will be discontinued at the request of the person
|
一個人情報取扱事業者が利用目的の達成に必要な範囲内において個人データの取扱いの全部又は一部を委託する場合
|
(i)Cases in which a business operator handling personal information entrust the handling of personal data in whole or in part within the scope necessary for the achievement of the Purpose of Utilization
|
二合併その他の事由による事業の承継に伴って個人データが提供される場合
|
(ii)Cases in which personal data is provided as a result of the succession of business in a merger or otherwise
|
三個人データを特定の者との間で共同して利用する場合であって、その旨並びに共同して利用される個人データの項目、共同して利用する者の範囲、利用する者の利用目的及び当該個人データの管理について責任を有する者の氏名又は名称について、あらかじめ、本人に通知し、又は本人が容易に知り得る状態に置いているとき。
|
(iii)Cases in which personal data is used jointly between specific individuals or entities and in which this fact, the items of the personal data used jointly, the scope of the joint users, the purpose for which the personal data is used by them, and the name of the individual or business operator responsible for the management of the personal data is, in advance, notified to the person or put in a readily accessible condition for the person
|
(5)When a business operator handling personal information changes the purpose for which the personal data is used or the name of the individual or business operator responsible for the management of the personal data as are provided in item (iii) of the preceding paragraph, the business operator shall, in advance, notify the person of the content of the change or put it in a readily accessible condition for the person.
|
|
(保有個人データに関する事項の公表等)
|
(Public Announcement of Matters Concerning Retained Personal Data, etc.)
|
第二十四条個人情報取扱事業者は、保有個人データに関し、次に掲げる事項について、本人の知り得る状態(本人の求めに応じて遅滞なく回答する場合を含む。)に置かなければならない。
|
Article 24(1)With respect to the retained personal data, a business operator handling personal information shall put the matters listed in the following items in an accessible condition for the person (such condition includes cases in which a response is made without delay at the request of the person):
|
一当該個人情報取扱事業者の氏名又は名称
|
(i)The name of the business operator handling personal information
|
二すべての保有個人データの利用目的(第十八条第四項第一号から第三号までに該当する場合を除く。)
|
(ii)The Purpose of Utilization of all retained personal data (except in cases falling under any of items (i) to (iii) of paragraph (4) of Article 18)
|
三次項、次条第一項、第二十六条第一項又は第二十七条第一項若しくは第二項の規定による求めに応じる手続(第三十条第二項の規定により手数料の額を定めたときは、その手数料の額を含む。)
|
(iii)Procedures to meet requests made pursuant to the provisions of the next paragraph, paragraph (1) of the next article, paragraph (1) of Article 26, or paragraph (1) or paragraph (2) of Article 27 (including the amount of charges if set pursuant to the provision of paragraph (2) of Article 30)
|
四前三号に掲げるもののほか、保有個人データの適正な取扱いの確保に関し必要な事項として政令で定めるもの
|
(iv)In addition to what is listed in the preceding three items, such matters, specified by a Cabinet Order, as being necessary for ensuring the proper handling of retained personal data
|
(2)When a business operator handling personal information is requested by a person to notify him or her of the Purpose of Utilization of such retained personal data as may lead to the identification of the person concerned, the business operator shall meet the request without delay.However, this provision shall not apply to cases falling under either of the following items:
|
|
一前項の規定により当該本人が識別される保有個人データの利用目的が明らかな場合
|
(i)Cases in which the Purpose of Utilization of such retained personal data as may lead to the identification of the person concerned is clear pursuant to the provision of the preceding paragraph
|
二第十八条第四項第一号から第三号までに該当する場合
|
(ii)Cases falling under any of items (i) to (iii) of paragraph (4) of Article 18
|
(開示)
|
(Disclosure)
|
第二十五条個人情報取扱事業者は、本人から、当該本人が識別される保有個人データの開示(当該本人が識別される保有個人データが存在しないときにその旨を知らせることを含む。以下同じ。)を求められたときは、本人に対し、政令で定める方法により、遅滞なく、当該保有個人データを開示しなければならない。ただし、開示することにより次の各号のいずれかに該当する場合は、その全部又は一部を開示しないことができる。
|
Article 25(1)When a business operator handling personal information is requested by a person to disclose such retained personal data as may lead to the identification of the person (such disclosure includes notifying the person that the business operator has no such retained personal data as may lead to the identification of the person concerned. The same shall apply hereinafter.), the business operator shall disclose the retained personal data without delay by a method prescribed by a Cabinet Order.However, in falling under any of the following items, the business operator may keep all or part of the retained personal data undisclosed:
|
一本人又は第三者の生命、身体、財産その他の権利利益を害するおそれがある場合
|
(i)Cases in which disclosure is likely to harm the life, body, property, or other rights or interests of the person or a third party
|
二当該個人情報取扱事業者の業務の適正な実施に著しい支障を及ぼすおそれがある場合
|
(ii)Cases in which disclosure is likely to seriously impede the proper execution of the business of the business operator handling personal information
|
三他の法令に違反することとなる場合
|
(iii)Cases in which disclosure violates other laws and regulations
|
(3)If the provisions of any other laws and regulations require that all or part of such retained personal data as may lead to the identification of a person be disclosed to the person by a method equivalent to the method prescribed in the main part of paragraph (1), the provision of the paragraph shall not apply to such all or part of the retained personal data concerned.
|
|
(訂正等)
|
(Correction, etc.)
|
第二十六条個人情報取扱事業者は、本人から、当該本人が識別される保有個人データの内容が事実でないという理由によって当該保有個人データの内容の訂正、追加又は削除(以下この条において「訂正等」という。)を求められた場合には、その内容の訂正等に関して他の法令の規定により特別の手続が定められている場合を除き、利用目的の達成に必要な範囲内において、遅滞なく必要な調査を行い、その結果に基づき、当該保有個人データの内容の訂正等を行わなければならない。
|
Article 26(1)When a business operator handling personal information is requested by a person to correct, add, or delete such retained personal data as may lead to the identification of the person on the ground that the retained personal data is contrary to the fact, the business operator shall, except in cases in which special procedures are prescribed by any other laws and regulations for such correction, addition, or deletion, make a necessary investigation without delay within the scope necessary for the achievement of the Purpose of Utilization and, on the basis of the results, correct, add, or delete the retained personal data.
|
(2)When a business operator handling personal information has corrected, added, or deleted all or part of the retained personal data as requested or has decided not to make such correction, addition, or deletion, the business operator shall notify the person of that effect (including the content of the correction, addition, or deletion if performed) without delay.
|
|
(利用停止等)
|
(Discontinuance of the Utilization, etc.)
|
第二十七条個人情報取扱事業者は、本人から、当該本人が識別される保有個人データが第十六条の規定に違反して取り扱われているという理由又は第十七条の規定に違反して取得されたものであるという理由によって、当該保有個人データの利用の停止又は消去(以下この条において「利用停止等」という。)を求められた場合であって、その求めに理由があることが判明したときは、違反を是正するために必要な限度で、遅滞なく、当該保有個人データの利用停止等を行わなければならない。ただし、当該保有個人データの利用停止等に多額の費用を要する場合その他の利用停止等を行うことが困難な場合であって、本人の権利利益を保護するため必要なこれに代わるべき措置をとるときは、この限りでない。
|
Article 27(1)Where a business operator handling personal information is requested by a person to discontinue using or to erase such retained personal data as may lead to the identification of the person on the ground that the retained personal data is being handled in violation of Article 16 or has been acquired in violation of Article 17, and where it is found that the request has a reason, the business operator shall discontinue using or erase the retained personal data concerned without delay to the extent necessary for redressing the violation.However, this provision shall not apply to cases in which it costs large amount or otherwise difficult to discontinue using or to erase the retained personal data and in which the business operator takes necessary alternative measures to protect the rights and interests of the person.
|
(2)Where a business operator handling personal information is requested by a person to discontinue providing to a third party such retained personal data as may lead to the identification of the person on the ground that the retained personal data is being provided to a third party in violation of paragraph (1) of Article 23, and where it is found that the request has a reason, the business operator shall discontinue providing the retained personal data to a third party without delay.However, this provision shall not apply to cases in which it costs large amount or otherwise difficult to discontinue providing the retained personal data concerned to a third party and in which the business operator takes necessary alternative measures to protect the rights and interests of the person.
|
|
(3)When a business operator handling personal information has discontinued using or has erased all or part of the retained personal data as requested under paragraph (1) or has decided not to discontinue using or not to erase the retained personal data or when a business operator handling personal information has discontinued providing all or part of the retained personal data to a third party as requested under the provision of the preceding paragraph or has decided not to discontinue providing the retained personal data to a third party, the business operator shall notify the person of that effect without delay.
|
|
(理由の説明)
|
(Explanation of Reasons)
|
第二十八条個人情報取扱事業者は、第二十四条第三項、第二十五条第二項、第二十六条第二項又は前条第三項の規定により、本人から求められた措置の全部又は一部について、その措置をとらない旨を通知する場合又はその措置と異なる措置をとる旨を通知する場合は、本人に対し、その理由を説明するよう努めなければならない。
|
Article 28When a business operator handling personal information notifies a person requesting the business operator to take certain measures pursuant to the provisions of paragraph (3) of Article 24, paragraph (2) of Article 25, paragraph (2) of Article 26, or paragraph (3) of the preceding article that the business operator will not take all or part of the measures or that the business operator will take different measures, the business operator shall endeavor to explain the reasons.
|
(開示等の求めに応じる手続)
|
(Procedures to Meet Requests for Disclosure and Others)
|
第二十九条個人情報取扱事業者は、第二十四条第二項、第二十五条第一項、第二十六条第一項又は第二十七条第一項若しくは第二項の規定による求め(以下この条において「開示等の求め」という。)に関し、政令で定めるところにより、その求めを受け付ける方法を定めることができる。この場合において、本人は、当該方法に従って、開示等の求めを行わなければならない。
|
Article 29(1)A business operator handling personal information may, as prescribed by a Cabinet Order, determine procedures for receiving requests that may be made pursuant to the provisions of paragraph (2) of Article 24, paragraph (1) of Article 25, paragraph (1) of Article 26 or paragraph (1) or paragraph (2) of Article 27 (hereinafter referred to as "a request for disclosure and others" in this article). In such a case, any person making a request for disclosure and others shall comply with the procedures.
|
(2)A business operator handling personal information may request a person making a request for disclosure and others to show sufficient items to identify the retained personal data in question.In this case, the business operator shall provide the information contributing to the identification of the retained personal data in question or take any other appropriate measures in consideration of the person's convenience so that the person can easily and accurately make a request for disclosure and others.
|
|
(4)When a business operator determine the procedures for meeting requests for disclosure and others under the provisions of the preceding three paragraphs, the business operator shall take into consideration that the procedures will not impose excessively heavy burden on the persons making requests for disclosure and others.
|
|
(手数料)
|
(Charges)
|
第三十条個人情報取扱事業者は、第二十四条第二項の規定による利用目的の通知又は第二十五条第一項の規定による開示を求められたときは、当該措置の実施に関し、手数料を徴収することができる。
|
Article 30(1)When a business operator handling personal information is requested to notify the Purpose of Utilization under the provision of paragraph (2) of Article 24 or to make a disclosure under the provision of paragraph (1) of Article 25, the business operator may collect charges for taking the measure.
|
(個人情報取扱事業者による苦情の処理)
|
(Processing of Complaints by Entities Handling Personal Information)
|
第三十一条個人情報取扱事業者は、個人情報の取扱いに関する苦情の適切かつ迅速な処理に努めなければならない。
|
Article 31(1)A business operator handling personal information shall endeavor to appropriately and promptly process complaints about the handling of personal information.
|
(報告の徴収)
|
(Collection of Reports)
|
第三十二条主務大臣は、この節の規定の施行に必要な限度において、個人情報取扱事業者に対し、個人情報の取扱いに関し報告をさせることができる。
|
Article 32The competent minister may have a business operator handling personal information make a report on the handle of personal information to the extent necessary for implementation of the provisions of this section.
|
(助言)
|
(Advice)
|
第三十三条主務大臣は、この節の規定の施行に必要な限度において、個人情報取扱事業者に対し、個人情報の取扱いに関し必要な助言をすることができる。
|
Article 33The competent minister may advise a business operator handling personal information on the handle of personal information to the extent necessary for implementation of the provisions of this section.
|
(勧告及び命令)
|
(Recommendations and Orders)
|
第三十四条主務大臣は、個人情報取扱事業者が第十六条から第十八条まで、第二十条から第二十七条まで又は第三十条第二項の規定に違反した場合において個人の権利利益を保護するため必要があると認めるときは、当該個人情報取扱事業者に対し、当該違反行為の中止その他違反を是正するために必要な措置をとるべき旨を勧告することができる。
|
Article 34(1)When a business operator handling personal information has violated any of the provisions of Article 16 to Article 18, Article 20 to Article 27, or paragraph (2) of Article 30, the competent Minister may recommend that the business operator handling personal information cease the violation and take other necessary measures to correct the violation when a competent Minister finds it necessary for protecting the rights and interests of individuals.
|
(2)Where a business operator handling personal information having received a recommendation under the provision of the preceding paragraph does not take the recommended measures without justifiable ground, and when the competent minister finds that the serious infringement on the rights and interests of individuals is imminent, the competent minister may order the business operator handling personal information to take the recommended measures.
|
|
(3)Notwithstanding the provisions of the preceding two paragraphs, where a business operator handling personal information has violated any of the provisions of Article 16, Article 17, Articles 20 to 22, or paragraph (1) of Article 23, and when the competent minister finds it necessary to take measures urgently as there is the fact of serious infringement of the rights and interests of individuals, the competent minister may order the business operator handling personal information to cease the violation and take other necessary measures to rectify the violation.
|
|
(主務大臣の権限の行使の制限)
|
(Restrictions of the Exercise of Authority by the Competent Minister)
|
第三十五条主務大臣は、前三条の規定により個人情報取扱事業者に対し報告の徴収、助言、勧告又は命令を行うに当たっては、表現の自由、学問の自由、信教の自由及び政治活動の自由を妨げてはならない。
|
Article 35(1)In collecting a report from, or giving an advice, a recommendation or an order to a business operator handling personal information pursuant to the provisions of the preceding three articles, the competent Minister shall not disturb freedom of expression, academic freedom, freedom of religion, or freedom of political activity.
|
(2)In light of the purport of the provision of the preceding paragraph, with respect to the act of a business operator handling personal information to provide an individual or business operator mentioned in each item of paragraph (1) of Article 50 (limited to cases in which the personal information is handled for a purpose as respectively provided in each of such items) with personal information, the competent Minister shall not exercise its authority.
|
|
(主務大臣)
|
(Competent Ministers)
|
第三十六条この節の規定における主務大臣は、次のとおりとする。ただし、内閣総理大臣は、この節の規定の円滑な実施のため必要があると認める場合は、個人情報取扱事業者が行う個人情報の取扱いのうち特定のものについて、特定の大臣又は国家公安委員会(以下「大臣等」という。)を主務大臣に指定することができる。
|
Article 36(1)The competent ministers under the provisions of this section shall be as specified below.However, for specific handling of personal information by a business operator handling personal information, the Prime Minister may designate a specific minister or the National Public Safety Commission (hereinafter referred to as "minister, etc ") as a competent minister when he or she considers it necessary for smooth implementation of the provisions of this section.
|
一個人情報取扱事業者が行う個人情報の取扱いのうち雇用管理に関するものについては、厚生労働大臣(船員の雇用管理に関するものについては、国土交通大臣)及び当該個人情報取扱事業者が行う事業を所管する大臣等
|
(i)For such handling of personal information by a business operator handling personal information as is related to employment management, Minister of Health, Labor and Welfare (for such handling of personal information as is related to the employment management of mariners, the Minister of Land, Infrastructure, Transport and Tourism) and the minister, etc. concerned with jurisdiction over the business of the business operator handling personal information
|
二個人情報取扱事業者が行う個人情報の取扱いのうち前号に掲げるもの以外のものについては、当該個人情報取扱事業者が行う事業を所管する大臣等
|
(ii)For such handling of personal information by a business operator handling personal information as is not falling under the preceding item, the minister, etc. concerned with jurisdiction over the business of the business operator handling personal information
|
第二節 民間団体による個人情報の保護の推進
|
Section 2 Promotion of the Protection of Personal Information by Private Organizations
|
(認定)
|
(Authorization)
|
第三十七条個人情報取扱事業者の個人情報の適正な取扱いの確保を目的として次に掲げる業務を行おうとする法人(法人でない団体で代表者又は管理人の定めのあるものを含む。次条第三号ロにおいて同じ。)は、主務大臣の認定を受けることができる。
|
Article 37(1)A juridical person (which includes an association or foundation that is not a juridical person with a specified representative or manager; the same applies in (b) of item (iii) of the next article) that intends to conduct any of the businesses enumerated in the following items for the purpose of ensuring the proper handling of personal information by a business operator handling personal information, may be authorized as such by the competent minister:
|
一業務の対象となる個人情報取扱事業者(以下「対象事業者」という。)の個人情報の取扱いに関する第四十二条の規定による苦情の処理
|
(i)The processing under the provision of Article 42 of complaints about the handling of personal information of such business operations handling personal information as are the targets of the business (hereinafter referred to as "target entities")
|
二個人情報の適正な取扱いの確保に寄与する事項についての対象事業者に対する情報の提供
|
(ii)The provision of information for target entities about the matters contributing to ensuring the proper handling of personal information
|
三前二号に掲げるもののほか、対象事業者の個人情報の適正な取扱いの確保に関し必要な業務
|
(iii)In addition to what is listed in the preceding two items, any business necessary for ensuring the proper handling of personal information by target entities
|
(欠格条項)
|
(Clause of Disqualification)
|
第三十八条次の各号のいずれかに該当する者は、前条第一項の認定を受けることができない。
|
Article 38A business operator falling under any of the following items may not receive authorization set forth in paragraph (1) of the preceding article:
|
一この法律の規定により刑に処せられ、その執行を終わり、又は執行を受けることがなくなった日から二年を経過しない者
|
(i)A business operator having received a sentence pursuant to the provisions of this Act with not exceeding two years after the business operator served out the sentence or was exempted from the execution of the sentence
|
二第四十八条第一項の規定により認定を取り消され、その取消しの日から二年を経過しない者
|
(ii)A business operator whose authorization was rescinded pursuant to the provision of paragraph (1) of Article 48 with not exceeding two years after the rescission
|
三その業務を行う役員(法人でない団体で代表者又は管理人の定めのあるものの代表者又は管理人を含む。以下この条において同じ。)のうちに、次のいずれかに該当する者があるもの
|
(iii)A business operator with an officer (including the representative or manager of an association or foundation which is not a juridical person with a specified representative or manager. Hereinafter the same shall apply in this article.) conducting the business who falls under any of the following categories:
|
イ禁錮以上の刑に処せられ、又はこの法律の規定により刑に処せられ、その執行を終わり、又は執行を受けることがなくなった日から二年を経過しない者
|
(a)An individual sentenced to imprisonment or a heavier punishment, or having received a sentence pursuant to the provision of this Act, with not exceeding two years after the individual served out the sentence or was exempted from the execution of the sentence
|
ロ第四十八条第一項の規定により認定を取り消された法人において、その取消しの日前三十日以内にその役員であった者でその取消しの日から二年を経過しない者
|
(b)In the case of a juridical person whose authorization was rescinded pursuant to the provision of paragraph (1) of Article 48, an individual who was an officer of the juridical person within at least 30 days before the rescission, with not exceeding two years after the rescission
|
(認定の基準)
|
(Authorization Standard)
|
第三十九条主務大臣は、第三十七条第一項の認定の申請が次の各号のいずれにも適合していると認めるときでなければ、その認定をしてはならない。
|
Article 39The competent minister shall not grant authorization unless he or she considers that an application for authorization filed under paragraph (1) of Article 37 conforms every requirement enumerated in the following items:
|
一第三十七条第一項各号に掲げる業務を適正かつ確実に行うに必要な業務の実施の方法が定められているものであること。
|
(i)The applicant shall have established a business execution method necessary for properly and soundly conducting the business mentioned in any of the items of paragraph (1) of Article 37.
|
二第三十七条第一項各号に掲げる業務を適正かつ確実に行うに足りる知識及び能力並びに経理的基礎を有するものであること。
|
(ii)The applicant shall have sufficient knowledge, abilities, and financial base for properly and soundly conducting the business mentioned in any of the items of paragraph (1) of Article 37.
|
三第三十七条第一項各号に掲げる業務以外の業務を行っている場合には、その業務を行うことによって同項各号に掲げる業務が不公正になるおそれがないものであること。
|
(iii)When the applicant conducts any business other than the businesses mentioned in the items of paragraph (1) of Article 37, by conducting the business, the applicant shall not be likely to impede the fair execution of the businesses mentioned in the same items of the same paragraph.
|
(廃止の届出)
|
(Notification of Abolition)
|
第四十条第三十七条第一項の認定を受けた者(以下「認定個人情報保護団体」という。)は、その認定に係る業務(以下「認定業務」という。)を廃止しようとするときは、政令で定めるところにより、あらかじめ、その旨を主務大臣に届け出なければならない。
|
Article 40(1)When a business operator authorized under paragraph (1) of Article 37 (hereinafter referred to as " authorized personal information protection organization") intends to abolish the business pertaining to the authorization (hereinafter referred to as " authorized business"), it shall notify the competent minister of that effect in advance as prescribed by a Cabinet Order.
|
(対象事業者)
|
(Target Entities)
|
第四十一条認定個人情報保護団体は、当該認定個人情報保護団体の構成員である個人情報取扱事業者又は認定業務の対象となることについて同意を得た個人情報取扱事業者を対象事業者としなければならない。
|
Article 41(1)Each target business operator of an authorized personal information protection organization shall be a business operator handling personal information that is a member of the authorized personal information protection organization or a business operator handling personal information that has agreed to become a target of the authorized businesses.
|
(苦情の処理)
|
(Handling of Complaints)
|
第四十二条認定個人情報保護団体は、本人等から対象事業者の個人情報の取扱いに関する苦情について解決の申出があったときは、その相談に応じ、申出人に必要な助言をし、その苦情に係る事情を調査するとともに、当該対象事業者に対し、その苦情の内容を通知してその迅速な解決を求めなければならない。
|
Article 42(1)When an authorized personal information protection organization is requested by a person, etc. to solve a complaint about the handling of personal information by a target business operator, corresponding to the request, the organization shall give the person, etc. necessary advice, investigate the circumstances pertaining to the complaint and request the target business operator to solve the complaint promptly by notifying the target business operator of the content of the complaint.
|
(個人情報保護指針)
|
(Personal Information Protection Guidelines)
|
第四十三条認定個人情報保護団体は、対象事業者の個人情報の適正な取扱いの確保のために、利用目的の特定、安全管理のための措置、本人の求めに応じる手続その他の事項に関し、この法律の規定の趣旨に沿った指針(以下「個人情報保護指針」という。)を作成し、公表するよう努めなければならない。
|
Article 43(1)In order to ensure the proper handling of personal information by its target entities, each authorized personal information protection organization shall endeavor to draw up and publicly announce guidelines (hereinafter referred to as "personal information protection guidelines") in conformity with the purport of the provisions of this Act, concerning the specification of the Purpose of Utilization, security control measures, procedures for complying with individuals' requests, and other matters.
|
(2)When an authorized personal information protection organization has publicly announced its personal information protection guidelines pursuant to the provision of the preceding paragraph, the organization shall endeavor to provide guidance, give recommendations, and take other measures necessary in order to have its target entities observe the personal information protection guidelines.
|
|
(目的外利用の禁止)
|
(Prohibition of Utilization Other Than for Intended Purposes)
|
第四十四条認定個人情報保護団体は、認定業務の実施に際して知り得た情報を認定業務の用に供する目的以外に利用してはならない。
|
Article 44An authorized personal information protection organization shall not utilize any information acquired in the course of conducting its authorized businesses for purposes other than that for the authorized business.
|
(名称の使用制限)
|
(Restriction on Use of the Name)
|
第四十五条認定個人情報保護団体でない者は、認定個人情報保護団体という名称又はこれに紛らわしい名称を用いてはならない。
|
Article 45A business operator that is not an authorized personal information protection organization shall not use the name " authorized personal information protection organization" or any other name that might be mistaken for it.
|
(報告の徴収)
|
(Collection of Reports)
|
第四十六条主務大臣は、この節の規定の施行に必要な限度において、認定個人情報保護団体に対し、認定業務に関し報告をさせることができる。
|
Article 46The competent minister may have an authorized personal information protection organization make a report on the authorized businesses to the extent necessary for implementation of the provisions of this section.
|
(命令)
|
(Orders)
|
第四十七条主務大臣は、この節の規定の施行に必要な限度において、認定個人情報保護団体に対し、認定業務の実施の方法の改善、個人情報保護指針の変更その他の必要な措置をとるべき旨を命ずることができる。
|
Article 47The competent minister may order an authorized personal information protection organization to improve the method of conducting its authorized businesses, to amend its personal information protection guidelines, or to take any other necessary measures to the extent necessary for implementation of the provisions of this section.
|
(認定の取消し)
|
(Rescission of Authorization)
|
第四十八条主務大臣は、認定個人情報保護団体が次の各号のいずれかに該当するときは、その認定を取り消すことができる。
|
Article 48(1)If an authorized personal information protection organization falls under any of the following items, the competent minister may rescind its authorization:
|
一第三十八条第一号又は第三号に該当するに至ったとき。
|
(i)Cases of falling under item (i) or (iii) of Article 38
|
二第三十九条各号のいずれかに適合しなくなったとき。
|
(ii)Cases of falling not to conform with any of the items of Article 39
|
三第四十四条の規定に違反したとき。
|
(iii)Cases of violating the provisions of Article 44
|
四前条の命令に従わないとき。
|
(iv)Cases of not complying with orders in the preceding article
|
五不正の手段により第三十七条第一項の認定を受けたとき。
|
(v)Cases of having received the authorization in paragraph (1) of Article 37 by a dishonest means
|
(主務大臣)
|
(Competent Ministers)
|
第四十九条この節の規定における主務大臣は、次のとおりとする。ただし、内閣総理大臣は、この節の規定の円滑な実施のため必要があると認める場合は、第三十七条第一項の認定を受けようとする者のうち特定のものについて、特定の大臣等を主務大臣に指定することができる。
|
Article 49(1)The competent ministers under the provisions of this section shall be as specified below.However, when the Prime Minister considers it necessary for smooth implementation of the provisions of this section, he or she may designate a specific minister, etc. as a competent minister for specific entities that intend to apply for authorization under paragraph (1) of Article 37.
|
一設立について許可又は認可を受けている認定個人情報保護団体(第三十七条第一項の認定を受けようとする者を含む。次号において同じ。)については、その設立の許可又は認可をした大臣等
|
(i)For authorized personal information protection organization (including entities that intend to be authorized under paragraph (1) of Article 37. This applies in the next item.) established under permission or approval, the competent minister shall be the minister, etc. that has granted the permission or approval.
|
二前号に掲げるもの以外の認定個人情報保護団体については、当該認定個人情報保護団体の対象事業者が行う事業を所管する大臣等
|
(ii)For authorized personal information protection organization other than those mentioned in the preceding item, the competent minister shall be the minister, etc. having jurisdiction over the business conducted by the target entities of the authorized personal information protection organizations concerned.
|
第五章 雑則
|
Chapter V Miscellaneous Provisions
|
(適用除外)
|
(Exclusion from Application)
|
第五十条個人情報取扱事業者のうち次の各号に掲げる者については、その個人情報を取り扱う目的の全部又は一部がそれぞれ当該各号に規定する目的であるときは、前章の規定は、適用しない。
|
Article 50(1)With respect to entities handling personal information, being the entities enumerated in each of the items below, if all or part of the purpose of handling personal information is a purpose respectively prescribed in each of the items, the provisions of the preceding chapter shall not be applied.
|
一放送機関、新聞社、通信社その他の報道機関(報道を業として行う個人を含む。) 報道の用に供する目的
|
(i)Broadcasting institutions, newspaper publishers, communication agencies and the other press (including individuals engaged in news report as their business); the purpose for news report
|
二著述を業として行う者 著述の用に供する目的
|
(ii)A business operator who conduct literary work as their business; the purpose for literary work
|
三大学その他の学術研究を目的とする機関若しくは団体又はそれらに属する者学術研究の用に供する目的
|
(iii)Colleges, universities, other institutions or organizations engaged in academic studies, or entities belonging to them:The purpose for academic studies
|
四宗教団体宗教活動(これに付随する活動を含む。)の用に供する目的
|
(iv)Religious organizations:The purpose for religious activities (including activities incidental thereto)
|
五政治団体政治活動(これに付随する活動を含む。)の用に供する目的
|
(v)Political organizations:The purpose for political activities (including activities incidental thereto)
|
(3)Entities handling personal information enumerated in the items of paragraph (1) shall endeavor to take by themselves the necessary and appropriate measures for controlling the security of personal data, and the necessary measures for the processing of complaints about the handling of personal information and the other necessary measures for ensuring the proper handling of personal information, and shall also endeavor to publicly announce the content of those measures concerned.
|
|
(地方公共団体が処理する事務)
|
(Affairs Handled by Local Governments)
|
第五十一条この法律に規定する主務大臣の権限に属する事務は、政令で定めるところにより、地方公共団体の長その他の執行機関が行うこととすることができる。
|
Article 51The affairs belonging to the authority of a competent minister provided by this Act may be handled by the heads of local governments or by other executive agencies as prescribed by a Cabinet Order.
|
(権限又は事務の委任)
|
(Delegation of Authority or Affairs)
|
第五十二条この法律により主務大臣の権限又は事務に属する事項は、政令で定めるところにより、その所属の職員に委任することができる。
|
Article 52The matters belonging to the authority or the affairs of a competent minister may be delegated to his or her staffs as prescribed by a Cabinet Order.
|
(施行の状況の公表)
|
(Public Announcement of the Status of Enforcement)
|
Article 53(1)The Prime Minister may collect reports on the status of enforcement of this Act from the heads of relevant administrative organs (the organs established in the Cabinet under the provisions of laws (except the Cabinet Office), organs under the supervision of the Cabinet, the Cabinet Office, the Imperial Household Agency, the institutions prescribed in paragraphs (1) and (2) of Article 49 of the Act for Establishment of the Cabinet Office (Act No. 89 of 1999), and the institutions prescribed in paragraph (2) of Article 3 of the National Government Organization Law (Act No. 120 of 1948); this applies in the next article).
|
|
(連絡及び協力)
|
(Liaison and Cooperation)
|
第五十四条内閣総理大臣及びこの法律の施行に関係する行政機関の長は、相互に緊密に連絡し、及び協力しなければならない。
|
Article 54The Prime Minister and the heads of the administrative organs involved in the enforcement of this Act shall maintain close liaison and cooperate with each other.
|
(政令への委任)
|
(Delegation to Cabinet Orders)
|
第五十五条この法律に定めるもののほか、この法律の実施のため必要な事項は、政令で定める。
|
Article 55The matters necessary for implementation of this Act, in addition to those prescribed in this Act, shall be prescribed by Cabinet Orders.
|
第六章 罰則
|
Chapter VI Penal Provisions
|
Article 58(1)If any representative of a juridical person (which includes an association or foundation which is not a juridical person with a specified representative or manager; hereinafter the same shall apply in this paragraph), or any agent, employee or other workers of a juridical person or of an individual commits any of the violations prescribed in the preceding two articles concerning the business of the juridical person or individual, then not only shall the performer be punished but also the juridical person or individual shall be sentenced to the fine prescribed in the corresponding article.
|
|
(2)When the provision of the preceding paragraph applies to an association or foundation which is not a juridical person, its representative or manager shall represent the associaion or foundation which is not a juridical person in its procedural action, and the provisions of the acts concerning criminal suits in which a juridical person is the accused or suspect shall be apply mutatis mutandis.
|
|
一第四十条第一項の規定による届出をせず、又は虚偽の届出をした者
|
(i)A business operator who does not make a notification required by paragraph (1) of Article 40 or who has made a false notification
|
二第四十五条の規定に違反した者
|
(ii)A business operator who violates the provision of Article 45
|
附 則〔抄〕
|
Supplementary Provisions[Extract]
|
(施行期日)
|
(Effective Date)
|
第一条この法律は、公布の日から施行する。ただし、第四章から第六章まで及び附則第二条から第六条までの規定は、公布の日から起算して二年を超えない範囲内において政令で定める日から施行する。
|
Article 1This Act shall come into force as from the day of promulgation.However, the provisions of Chapter IV to Chapter VI and Article 2 to Article 6 of the supplementary Provisions shall become effective as of the date specified by a Cabinet Order within a period not exceeding two years from the day of promulgation.
|
(本人の同意に関する経過措置)
|
(Transitional Measures Concerning a Consent of a Person)
|
第二条この法律の施行前になされた本人の個人情報の取扱いに関する同意がある場合において、その同意が第十五条第一項の規定により特定される利用目的以外の目的で個人情報を取り扱うことを認める旨の同意に相当するものであるときは、第十六条第一項又は第二項の同意があったものとみなす。
|
Article 2Where a person has given consent to the handling of his or her personal information prior to enforcement of this Act, and where the consent is equivalent to the consent that allows the personal information to be handled for a purpose other than the Purpose of Utilization specified under paragraph (1) of Article 15, then it shall be deemed that there is such consent as is prescribed in paragraph (1) or (2) of Article 16.
|
Article 3Where a person has given consent to the handling of his or her personal information prior to enforcement of this Act, and where the consent is equivalent to the consent that allows the personal data to be provided to a third party under paragraph (1) of Article 23, then it shall be deemed that there is such consent as is prescribed in the same paragraph.
|
|
(通知に関する経過措置)
|
(Transitional Measures Concerning Notices)
|
第四条第二十三条第二項の規定により本人に通知し、又は本人が容易に知り得る状態に置かなければならない事項に相当する事項について、この法律の施行前に、本人に通知されているときは、当該通知は、同項の規定により行われたものとみなす。
|
Article 4If an individual has been notified, prior to enforcement of this Act, of the matters that shall be notified to the individual or be put in a readily accessible condition for the individual under paragraph (2) of Article 23, then it shall be deemed that the notice concerned has been given under the provision of the same paragraph.
|
Article 5If an individual has been notified, prior to enforcement of this Act, of the matters that shall be notified to the individual or be put in a readily accessible condition for the individual under item (iii) of paragraph (4) of Article 23, then it shall be deemed that the notice concerned has been given under the provision of the same paragraph.
|
|
(名称の使用制限に関する経過措置)
|
(Transitional Measures Concerning the Restriction on Use of the Name)
|
第六条この法律の施行の際現に認定個人情報保護団体という名称又はこれに紛らわしい名称を用いている者については、第四十五条の規定は、同条の規定の施行後六月間は、適用しない。
|
Article 6The provisions of Article 45 shall not apply, for six months after the provision of the same article is enforced, to any business operator actually using the name " authorized personal information protection organization" or a name that might be mistaken for it at the time when this Act is enforced.
|