Employee Data Privacy

Japan - Breach Notification

 Download as a PDF

Are there any data breach notification requirements? 


A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Local data protection regulations have required data controllers to report such breaches in certain circumstances.

In Japan, data breaches must be reported to the Personal Information Protection Commission (PIPC) when the breach of data:

  • includes sensitive personal data;
  • includes personal data that can be misused and cause financial damage to data subjects;
  • was committed with unjust purpose; or,
  • includes more than 1,000 data subjects.

When there is a significant breach of My Number data (such as leaking more than 100 My Numbers or when an employee intentionally misuses the data), the employer must also report the breach to the PIPC.


HR Best Practices: Make sure to follow any security and data protection controls outlined in your company’s security policies. Notifications to the Personal Information Protection Commission are required, depending on the nature of the breach.


UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk