Appropriate Dissemination of Information and Protection of Personal Information

Observance of Laws, Standards and Norms in Advertising and Publicity

When creating advertisements, Sumitomo Forestry complies with relevant legislation, including the Copyright Act, Trademark Law, Building Lots and Buildings Transaction Business Law, and the Act against Unjustifiable Premiums and Misleading Representations. The Corporate Communications Department, the Intellectual Property Department and the Legal Group in the General Administration Department cooperate to confirm and verify the content of advertisements as required. Sumitomo Forestry did not violate any of the various laws and regulations related to advertising in fiscal 2017. Furthermore, Sumitomo Forestry holds monthly meetings of the Brand Communication Committee, comprised of advertising personnel from relevant departments and relevant Japanese affiliates, in addition to study sessions for preventing non-compliance in an effort to raise awareness. Through these efforts, Sumitomo Forestry made certain of prior checks, and endeavored to ensure customers were not misled by unreliable information.

In fiscal 2017, the Brand Communication Committee held a study session about the Act on the Protection of Personal Information, the Copyright Act, Product Liability Law, and the Act Against Unjustifiable Premiums and Misleading Representations. This session brought understanding of the content of laws related to advertising and labeling as well as violations that can easily occur by providing explanations that included an introduction of specific examples.

A web discussion session is also held once a quarter. Additionally, the Committee created website management guidelines and provided relevant division and Group company website teams in Japan with information and instructions on personal information and information security.

The Brand Communication Committee

The Brand Communication Committee

Systems for Protecting the Privacy of Customers(Protection of Personal Information)

Sumitomo Forestry has formulated internal rules to safeguard the personal information of customers, such as the Personal Information Protection Policy and the Personal Information Protection Regulations. In addition, the executive officer responsible for general administration is designated as chief executive in charge of protection of personal information. The Company has also placed an information security officer in each department. In these ways, the Company has established a protection system covering Head Office through to each office.

The Company has also established a help desk for inquiries regarding the handling of personal information within the Customer Service Department. In addition, collective training is provided for the head and general administration representative for each organization. E-learning is provided for all other employees and efforts are made to increase awareness at subcontractors, in order to prevent the leaking of personal information. It is also mandatory for employees at Group companies to undertake the e-learning training.

Page Top

Information Security Policy

In order to ensure the confidentiality, integrity and availability of its information systems, the Sumitomo Forestry Group has raised the security level of its systems while maintaining the “regulation” aspects and “technology” aspects of information security in a mutually complementary manner. Based on the recognition that the protection of customer information in particular is of utmost importance, the Group continues to conduct employee training to ensure dissemination of the rules, and verifies their level of awareness.

In terms of the regulation aspects, we have formulated Sumitomo Forestry Group Information Asset Protection Guidelines for all Group companies in Japan and created a check list based on these guidelines at the same time. The person responsible for the department in charge of information systems at each Group company conducts checks of the information security level every year. In fiscal 2012, the Group also formulated guidelines for Group companies outside of Japan.

As for education on information security, Sumitomo Forestry has made it compulsory for all Group employees with access to its intranet (including temporary and part-time employees) to take an e-learning course on an annual basis.

On the other hand, with respect to the technology aspects of information security, the Group has introduced encrypted start-ups and restrictions on the data export from computers that are taken outside the Company.

Page Top

Systems for Managing Information Security

Under the supervision of the executive officer in charge of information systems, the general manager of the Information Systems Department promotes information security measures for the Sumitomo Forestry Group, such as the formulation and management of rules and regulations, the proposal and implementation of technical measures, the education and training of employees, and the investigation of accidents and implementation of countermeasures.

Furthermore, the person responsible for each department provides guidance and management for the execution of that department's operations as the information security supervisor, and assigns an information security officer who is the working-level manager for the department's information security.

The Group also holds regular meetings of the Affiliated Companies IT Managers Council, which is attended by the persons responsible for departments in charge of information systems at Group companies in Japan. The council checks the content of the guidelines and promotes the introduction of security systems.

Page Top

Initiatives to Strengthen Information Security

Investments in information security substantially increased in fiscal 2017 to strengthen security by building a defense in depth system based on the growing threats to information security such as the multiple leaks of personal information and the advanced email attacks occurring in recent times. In addition to these investments, the Sumitomo Forestry Group has conducted advanced email attack training for all of its employees.

We are also enhancing the response for consultations from employees founded in issues related to cyberattacks and strengthening information security education for employees centered upon the Information Security Office established at Sumitomo Forestry Information Systems Co., Ltd. in May 2016.

Page Top

Toward the Future

As threats to information security grow in recent years, the Sumitomo Forestry Group will continually raise awareness internally as well as conduct and strengthen ongoing information security education with the Information Security Office newly established in 2016 at the core.

Page Top

CSR