Security Column Vol.3
Adapt to new data protection laws with KDDI Cloud Inventory!

Data protection laws are becoming stricter, and caution is required when collecting personal data in the cloud.

Personal data regulations are being strengthened world-wide

In recent years, there has been a problem with more businesses collecting the personal data of Internet service users without their knowledge and using it to expand their services, with little regard to users’ rights. In response, there is a trend among national governments of tightening personal data protection laws.

On May 25, 2018, the GDPR (General Data Protection Regulation), which defines new protection laws for personal data, went into effect in the European Union (EU)*1. Under the GDPR, corporations that handle personal data within the EU are faced with various tasks to comply with new rules on personal data-handling.

In addition to the EU, new personal data protection laws and large amendments to existing personal data protection laws are being enacted in the United States, Japan, Singapore, Hong Kong, Taiwan, South Korea, Malaysia, the Philippines, Australia and elsewhere, and tightened laws and regulations on personal data protection are expected to continue to appear around the world.

Due to these new regulations and other concerns, it has become necessary to use more caution when handling personal data on a global scale.

  • *1: The subject countries are those of the European Union and some countries of the European Economic Area (EEA), namely Iceland, Norway and Liechtenstein.

Employee data is subject to protection, too! Be careful when using cloud services within your company.

Basic rules related to getting agreement before obtaining personal data

1. Users can refuse to allow businesses to use, collect, or provide to third parties their personal data.
2. Businesses are required to reveal accidents in personal data handling, amend data, delete data, etc. as needed.

The basic rules laid out by data protection laws related to this requirement are as follows. These personal data protection laws also apply to employers obtaining information from their employees.

Under many of the personal data protection laws being enacted around the world in recent years, before collecting data from SNS services or cloud services that is tied to users’ personal information, businesses are obligated to obtain agreement from those users on the collection, use, and provision to third parties of that information. Furthermore, the users must be allowed to retract their agreement at any time.

KDDI Cloud Inventory includes functionality to seek users’ agreement to personal data collection!

KDDI Cloud Inventory's user agreement feature

Only collects personal info if the user agrees to it

Because of this, functionality has been added to the security/inventory management tool KDDI Cloud Inventory so that it only obtains inventory from employees’ devices when the users (employees) have agreed. Furthermore, users can change their agreement/refusal at any time.

  • * This feature is a supplementary function for compliance with the GDPR or other cyber security laws, but does not provide complete compliance with these laws by itself.
  • * An application is required to use this feature. (The feature is provided free of charge.)

KDDI Cloud Inventory user agreement functionality summary

Before collecting endpoint inventory data, KDDI Cloud Inventory displays a message to the endpoint user asking for their agreement, to which the user agrees or refuses. If they agree, all inventory data is collected, but if they refuse, only data that does not include personal data is collected. The displayed message, shown below, can be freely changed by the company using KDDI Cloud Inventory. (We recommend displaying the message in the local language of the country of use. KDDI Cloud Inventory includes sample messages in Japanese, English and Chinese.)

●User agreement message

The user agreement feature creates an agreement popup as seen below.

  • Agreement is indicated by inserting a check and pressing OK.
  • Agreement/refusal can be changed later.
  • The change is made from each device’s agent menu.

●Management screen: Status list

Each endpoint’s agreement or disagreement status can be seen from within KDDI Cloud Inventory.

●Management screen: Device information details

If the user agrees

Data that may be linked to personal data will be collected and be viewable from the management screen.

If the user refuses

Data that may be linked to personal data is not collected, and such data is not displayed on the management screen.

In conclusion

Agreement by users to personal data collection can also be obtained through documents such as employment contracts, but KDDI Cloud Inventory offers the convenience of controlling agreement and refusal within the system, in real time.

With countries’ regulations on personal data handling expected to become even stricter, now is a good time to consider checking those countries’ laws from your company headquarters before using data gathering tools, and not leaving it all to your overseas branches.

Apply here for a 30-day free trial

Take this opportunity to use the free trial to experience security management with KCI!
