WEKO3
アイテム
Analysis of Privacy Compliance by Classifying Policies Before and After the Japanese Law Revision
https://ipsj.ixsq.nii.ac.jp/records/231551
https://ipsj.ixsq.nii.ac.jp/records/231551e9e7b0eb-6848-4c61-8429-58052e6a1a36
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6412009.pdf (1.6 MB)
2025年12月15日からダウンロード可能です。
|
Copyright (c) 2023 by the Information Processing Society of Japan
|
|
| 非会員:¥0, IPSJ:学会員:¥0, 論文誌:会員:¥0, DLIB:会員:¥0 | ||
| Item type | Journal(1) | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2023-12-15 | |||||||||||||||
| タイトル | ||||||||||||||||
| タイトル | Analysis of Privacy Compliance by Classifying Policies Before and After the Japanese Law Revision | |||||||||||||||
| タイトル | ||||||||||||||||
| 言語 | en | |||||||||||||||
| タイトル | Analysis of Privacy Compliance by Classifying Policies Before and After the Japanese Law Revision | |||||||||||||||
| 言語 | ||||||||||||||||
| 言語 | eng | |||||||||||||||
| キーワード | ||||||||||||||||
| 主題Scheme | Other | |||||||||||||||
| 主題 | [特集:次世代デジタルプラットフォームにおける情報流通を支えるセキュリティとトラスト] privacy compliance, privacy policy, security policy, bidirectional encoder representations from transformers | |||||||||||||||
| 資源タイプ | ||||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||||
| 資源タイプ | journal article | |||||||||||||||
| 著者所属 | ||||||||||||||||
| Deloitte Tohmatsu Cyber LLC/Waseda University | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Deloitte Tohmatsu Cyber LLC | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Deloitte Tohmatsu Cyber LLC | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Deloitte Tohmatsu Cyber LLC | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Waseda University/NICT/RIKEN AIP | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Deloitte Tohmatsu Cyber LLC / Waseda University | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Deloitte Tohmatsu Cyber LLC | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Deloitte Tohmatsu Cyber LLC | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Deloitte Tohmatsu Cyber LLC | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Waseda University / NICT / RIKEN AIP | ||||||||||||||||
| 著者名 |
Keika, Mori
× Keika, Mori
× Tatsuya, Nagai
× Yuta, Takata
× Masaki, Kamizono
× Tatsuya, Mori
|
|||||||||||||||
| 著者名(英) |
Keika, Mori
× Keika, Mori
× Tatsuya, Nagai
× Yuta, Takata
× Masaki, Kamizono
× Tatsuya, Mori
|
|||||||||||||||
| 論文抄録 | ||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||
| 内容記述 | Companies and organizations inform users of how they handle personal data through privacy policies on their websites. Particular information, such as the purposes of collecting personal data and what data are provided to third parties is required to be disclosed by laws and regulations. An example of such a law is the Act on the Protection of Personal Information in Japan. In addition to privacy policies, an increasing number of companies are publishing security policies to express compliance and transparency of corporate behavior. However, it is challenging to update these policies against legal requirements due to the periodic law revisions and rapid business changes. In this study, we developed a method for analyzing privacy policies to check whether companies comply with legal requirements. In particular, the proposed method classifies policy contents using bidirectional encoder representations from transformers and evaluates privacy compliance by comparing the classification results with legal requirements. In addition, we analyzed security policies using the proposed method, to confirm whether the combination of privacy and security policies contributes to privacy compliance. In this study, we collected and evaluated 1,298 privacy policies and 139 security policies for Japanese companies. The results revealed that over 90% privacy policies adequately describe the handling of personal information by first parties, user rights, and security measures, and over 90% insufficiently describe the data retention and specific audience. These differences in the number of descriptions depend on industry guidelines and business characteristics. Additionally, security policies were found to improve the compliance rates of 48 out of 139 companies by describing security practices not included in privacy policies. Finally, we conducted a comparative analysis of policies before and after the Japanese law revision. We identified that although companies updated their policies, these updates were insufficient to meet the new law requirements. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31(2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.829 ------------------------------ |
|||||||||||||||
| 論文抄録(英) | ||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||
| 内容記述 | Companies and organizations inform users of how they handle personal data through privacy policies on their websites. Particular information, such as the purposes of collecting personal data and what data are provided to third parties is required to be disclosed by laws and regulations. An example of such a law is the Act on the Protection of Personal Information in Japan. In addition to privacy policies, an increasing number of companies are publishing security policies to express compliance and transparency of corporate behavior. However, it is challenging to update these policies against legal requirements due to the periodic law revisions and rapid business changes. In this study, we developed a method for analyzing privacy policies to check whether companies comply with legal requirements. In particular, the proposed method classifies policy contents using bidirectional encoder representations from transformers and evaluates privacy compliance by comparing the classification results with legal requirements. In addition, we analyzed security policies using the proposed method, to confirm whether the combination of privacy and security policies contributes to privacy compliance. In this study, we collected and evaluated 1,298 privacy policies and 139 security policies for Japanese companies. The results revealed that over 90% privacy policies adequately describe the handling of personal information by first parties, user rights, and security measures, and over 90% insufficiently describe the data retention and specific audience. These differences in the number of descriptions depend on industry guidelines and business characteristics. Additionally, security policies were found to improve the compliance rates of 48 out of 139 companies by describing security practices not included in privacy policies. Finally, we conducted a comparative analysis of policies before and after the Japanese law revision. We identified that although companies updated their policies, these updates were insufficient to meet the new law requirements. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31(2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.829 ------------------------------ |
|||||||||||||||
| 書誌レコードID | ||||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 64, 号 12, 発行日 2023-12-15 |
|||||||||||||||
| ISSN | ||||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||||
| 公開者 | ||||||||||||||||
| 言語 | ja | |||||||||||||||
| 出版者 | 情報処理学会 | |||||||||||||||
