Personal data management based on our personal data protection management system
1. Privacy Mark certification
Privacy Mark is an official third party certification system that is open to business operators that comply with the requirements set out under JIS Q15001, the Japanese Industrial Standards (JIS) for personal data protection, and that handle personal data in an appropriate manner. Nikkei Research obtained Privacy Mark certification in 1999 via the Japan Information Processing Development Corporation (JIPDEC). The Privacy Mark logo displayed on questionnaire is recognized as a guarantee that anyone taking part in the relevant survey can rest assured and feel confident that their personal data will be protected by the reseacrh agency.
2. Development of a personal data protection management system
As a research agency, Nikkei Research handles large volumes of personal data. In recognition of current levels of public demand with regard to personal data protection, we set out the Nikkei Research Personal Data Protection Policy and released a statement entitled Handling Personal Data, outlining our approach to the handling of personal data. We also developed and implemented a personal data protection management system based on our Personal Data Protection Regulations as part of our efforts to ensure the adequate management of personal data.
3. Rigorous personal data security control measures
Important personal data entrusted to us by our clients or by respondents else is kept in highly secure locations such as specific folders on servers subject to access restrictions and log-in monitoring. In addition to installing antivirus measures, firewalls and encryption software, we implement a range of other security measures such as controlling entry to company premises via IC cards, keeping storage locations locked and setting up surveillance cameras. We take appropriate action to protect personal data at every stage of the data handling process, from input to transfer or transmission, usage, processing, storage, backup and deletion or disposal. We also record all personal data activity in personal data management logs or on customer property management sheets and conduct regular inspections.
4. Implementation of personal data management systems
By way of a framework for the protection of personal data, we have appointed a Personal Data Protection Manager and have set up units such as a Security Committee, Personal Data Auditing and ISO Internal Auditing Committee and a personal data advisory service. Senior management also evaluates and reviews our security management measures and institutes regular improvements based on management system reports (internal audits, etc.). We organize regular educational and training sessions for all employees as part of our efforts to raise awareness regarding personal data protection and ensure that management systems are being operated effectively. If we ever need to outsource any aspect of the handling of personal data, we do necessary and appropriate supervision to the relevant service provider so as to ensure that they manage data securely in the same way as Nikkei Research.
Compliance with industry standards
We conduct research in accordance with Code of Conduct of Marketing Research and other guidelines set out by the Japan Marketing Research Association (JMRA), which in turn are compliant with international marketing research regulations in the form of the ICC/ESOMAR Code set out by the International Chamber of Commerce (ICC) and European Society for Opinion and Marketing Research (ESOMAR).
We have also obtained JIS Q15001 compliant Privacy Mark certification and make every effort to establish and raise awareness of operating manuals and to improve quality levels through the implementation of the PDCA (plan, do, check, act) management cycle on a continual basis.
Quality control based on our ISO-compliant flow of operations
1. ISO 9001 certification
We obtained certification under international quality standard ISO 9001 (quality management systems) in 2003.
This enabled us to build on our existing flow of operations and expertise to create an objective operational system capable of standing up to third party certification.
2. Consistently implementing management systems
Our quality management system introduced further requirements and rules for each process in addition to our previous flow of operations and has been applied and implemented on a consistent basis ever since certification.
Having set out clear quality targets as a result of certification, we check progress towards targets through our Quality Assurance Committee, which meets once a month, and make every effort to maintain and improve quality levels.
3. Designing and implementing operational flow in research
As research (especially those requiring customization) incorporates a wide range of options in terms of survey methods and data handling, we have set out a standard processing flow that reflects the characteristics of operations (contents of tasks) whilst also complying with basic ISO rules as part of the management of each survey. As the processing flow is made up of a combination of individual units (tasks), we can guarantee quality levels even if new operations emerge in the future.
4. Establishing a more efficient, advanced flow based on the PDCA cycle
We follow the PDCA (plan, do, check, act) cycle, which is the basic concept behind the ISO, and make every effort to improve our quality management system and systems as part of individual tasks (processes) on a continual basis.
We share details of any incidents, from operational issues through to more worrying or alarming problems, and take preventive measures and corrective action as necessary.
