Our approach to information security
Basic Policy
In fiscal 2021, the Mitsubishi Electric Group encountered another data leak incident caused by unauthorized system access, which has resulted in inconvenience and concern for customers and society. We will continue to strengthen information security measures* to prevent such a situation from occurring again.
Mitsubishi Electric manages confidential corporate information relating to sales, engineering, intellectual property, and other areas, as well as information entrusted to the company by its customers and stakeholders. This is carried out based on the Declaration of Confidential Corporate Information Security Management established in February 2005. In light of past events, we will once again work to increase awareness of this declaration within the Mitsubishi Electric Group and strive to protect and manage information even more carefully.
- * Information security measures: These include technical measures from the four perspectives of intrusion blocking, containment, leak prevention, and global response, as well as human resource measures such as enhancement of employee training, and organizational measures on operation quality improvement, including thorough document management and framework upgrading.
Declaration of Confidential Corporate Information Security Management
With respect to the information assets that constitute its core business activities, Mitsubishi Electric Corporation shall disclose information that should be released externally in a timely and appropriate manner, while ensuring strict and appropriate management of confidential corporate information.
In the unlikely event that valuable information or confidential corporate information entrusted to us by others were to leak, this would not only cost the trust and confidence invested in the Company; the improper use of this information could also threaten national, societal and individual security.
Recognizing that appropriate management of confidential corporate information is a key corporate social responsibility, the Company hereby declares that all employees shall comply with the following confidential corporate information management policies.
1. Appropriate Management of Confidential Corporate Information through Compliance with Laws, Ordinances and Regulations
The Company shall manage all confidential corporate information concerning business activities appropriately in accordance with laws, ordinances and Company regulations.
"Confidential corporate information" means valuable technical or business information held by the Company, and information (such as personal information, information obtained from outside the Company and insider information), which, if disclosed or used in an unauthorized way, could be disadvantageous to the Company and/or its stakeholders. Physical objects that constitute confidential corporate information are also subject to control.
2. Enforcement of Security Management Measures
The Company shall implement appropriate security management measures for the protection and proper control of confidential corporate information.
"Security management measures" means organizational, human, technological and physical measures that are strictly enforced according to the confidentiality level of the applicable corporate information.
3. Enhancement of Information System Security Measures
The Company shall enhance its information system security measures to prevent unauthorized access, intrusion and wrongful use of confidential corporate information, and implement comprehensive countermeasures with IT.
4. Education
Recognizing that the awareness of individual employees who are involved in handling confidential corporate information is fundamental to management, the Company shall provide regular education for all employees concerning the importance of confidential corporate information management and the Company's efforts to enhance it.
5. Continual improvement of Management through the PDCA Cycle
The Company shall establish a confidential corporate information management system and improve it proactively and continually through the PDCA (Plan-Do-Check-Act) cycle.
6. Timely and Appropriate Information Disclosure
In addition to rigorously managing confidential corporate information in an appropriate manner in line with items 1 through 5 above, the Company shall disclose information that should be externally released in a timely and appropriate manner.
July 28, 2021
Kei Uruma, President & CEO
Mitsubishi Electric Corporation
Personal information collected from customers through questionnaires, registration of purchased products, repair services, and other such means is managed based on the "Personal Information Protection Policy." On the basis of this system, Mitsubishi Electric has been granted the right to use the "PrivacyMark" under Japan’s system for certifying personal information protection systems, in recognition of its ongoing efforts to ensure proper handling of personal information.
Personal Information Protection Policy
Mitsubishi Electric Corporation fully complies with Japan’s laws and regulations, national policies and other rules concerning the protection of personal information.
Personal information can be defined as any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address, an e-mail address or other contact information.
Mitsubishi Electric Corporation sometimes collects personal information from its customers while conducting business activities. On the Global Website, personal information is collected predominantly through the various contact/inquiry forms.
When we directly solicit personal information from you in writing, we will specify how we intend to use the information, and ask for your consent. When we collect personal information by other means, we will announce on our website how we intend to use it.
When you provide us with personal information, we use the information to respond to and confirm your inquiry, and may keep a record of the inquiry for the same purposes. In addition, to support our customer relationship, we may store and process personal information and share it with our worldwide subsidiaries and affiliates to better understand your needs and how we can improve our products and services.
At times Mitsubishi Electric Corporation may conduct online surveys to better understand the needs and profile of our visitors. When we conduct a survey, we will do our utmost to let you know how we will use the information collected from you. Our site may provide contests, sweepstakes or other promotions that may ask you to enter your personal information. We will use the information you provide for the purpose of conducting the promotion, like providing customer support or contacting you if you’re a winner.
Mitsubishi Electric Corporation does not use or disclose information gathered from individual visits to the Site or information that you may give us to any third parties for intention to sell, rent or otherwise market your personal information. We may at times employ a third party service providers to perform or assist us on the on-line surveys, contests, sweepstakes or other promotions. For example, administering the survey or promotion, compiling the data or providing customer support. These parties will have signed a Non-Disclosure Agreement prior to any services we initiate with them. They will not disclose any personal information they receive from you and will only use it in order to initiate and or continue the services they are providing for us.
You have the option not to provide personal information to Mitsubishi Electric Corporation. If you choose not to provide the personal information we request, you can still visit most of the Site, but you may be unable to access certain options, offers and services that involve our interaction with you.
July 28, 2021
Kei Uruma, President & CEO
Mitsubishi Electric Corporation