ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailPositive ArrowIcon PrintIcon Twitter
Finance

As Japan ponders data rules, 40% of financial firms send user info overseas

Beyond Line, banks, brokerages and insurers outsource tech to China and elsewhere

Of the 49 financial services companies that responded to a Nikkei poll, 21 said they have sent user data from Japan overseas.

TOKYO -- With Japanese corporate management of personal information under scrutiny after revelations at messaging app Line, a Nikkei survey shows that about 40% of leading financial services institutions in Japan store or transfer customer data abroad.

Nikkei's poll included banks, brokerages, insurers, credit card issuers, leasing businesses and payment service providers. Of the 49 respondents, 21 said they have transferred customer data outside Japan, while 24 have not and four declined to answer. Destinations for the data include China, the U.S., Singapore, South Korea, Australia and France.

The finding follows a public outcry over Line's practice of exposing personal data to Chinese and South Korean subcontractors without an explicit disclosure to Japanese users. The admission in March by the app, which boasts 86 million active users in Japan including the government, prompted the Financial Services Agency and other regulators to investigate how financial institutions handle such information.

Some financial companies told Nikkei they have entrusted data management to vendors in the U.S. or Europe in order to use their cloud services or information technology tools, while one brokerage sent customer data to an American company for portfolio analyses. Four respondents, including insurers and a bank, outsourced data entry and other tasks to to Chinese firms.

Japanese law allows entrusting data management to foreign companies so long as customer consent is obtained and the service provider is supervised. Outsourcing to China is "not prohibited," even for a financial institution, a spokesperson at the Financial Services Agency said.

But multinational companies have been on edge since China enacted a national intelligence law in 2017 that authorizes Beijing to demand information from private companies and citizens.

"Cases of questionable data management are on the rise in connection with outsourcing," the FSA spokesperson said. 

An official at one financial institution in Japan that uses a Chinese data entry service said the vendor is properly managed and data is processed to prevent personal identification.

"It's troubling that data processing in China is considered questionable even when it's done in compliance with the law," the official said.

Japan looks to update rules on private data transfer overseas in April 2022. Guidelines proposed last week by the Personal Information Protection Commission would require companies to disclose where data will be transferred and how data management rules in the destination country differ from those in Japanese.

Even if the protections are comparable, companies still will be required to reassess them annually and stop transferring personal data overseas if safeguards cannot be assured.

"Finance is considered a vital infrastructure in cybersecurity," said Yoichiro Itakura, a lawyer who specializes in personal data protection. "From the standpoint of national security, [Japan's] government should put forward appropriate measures for transfers of personal data to China and other countries."

"It's too much of a burden for companies to assess legal systems in different countries and make their own judgments," Itakura said.

The Nikkei survey also found that more than 70% of the respondents outsource their systems development to foreign vendors, with 14 using providers in China. Eleven said their backbone systems were developed abroad.

"When outsourcing outside of Japan, the assumption is that security measures equivalent to those in Japan are in place," said Akimasa Nakao, an analyst at research firm Gartner Japan. "Stricter management and supervision are essential."

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Try 1 month for $0.99

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world
.

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends October 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to Nikkei Asia has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media

Nikkei Asian Review, now known as Nikkei Asia, will be the voice of the Asian Century.

Celebrate our next chapter
Free access for everyone - Sep. 30

Find out more