How much personal information should companies disclose?

"Medical history/disabilities" topped the list at 82.5%. This was followed by "genetic information," "children's names, gender, date of birth, and contact information," and "ideology, religion, and beliefs." As the survey was conducted while discussions on sensitive information were ongoing, the results revealed that the media perceives a broader range of items as "sensitive information" than is actually the case.

For example, 75.1% considered "child's name, gender, date of birth, and contact information" to be sensitive. This may reflect the recent personal information leak incident involving a major correspondence education company.

Additionally, over half pointed to "personal location information and movement history" (54.8%) and "user IDs for SNS and web services" (52.0%) as items requiring countermeasures due to changes in the times, such as advances in information and communication technology. Under this amendment, companies can now utilize so-called "big data"—such as customer purchase information and movement history—as "anonymized processed information" that prevents individual identification.

While rules are being developed to keep pace with the times, concerns are also being raised about "overreactions" to the amended law. Since the full implementation of the Personal Information Protection Law in 2005, the term "personal information" has wielded power beyond the law itself. Many things, such as municipal directories, school contact lists, and alumni association directories, have likely become impossible to create since the law took effect.

Some have pointed out that even during press conferences about scandals, information is sometimes concealed beyond necessity, or the scandals themselves are covered up. There have also been cases where, during disaster response, search operations continued because safety information couldn't be shared between local governments and fire departments.

Although the revised Personal Information Protection Law exempts news organizations from its application, the law often acts as a barrier for the media.

The tragic incident at a facility for people with disabilities in Sagamihara City, Kanagawa Prefecture, in July also sparked debate over personal information handling. This followed the Kanagawa Prefectural Police's announcement of the 19 victims anonymously.

Media outlets argued that anonymity "fails to convey the gravity of the incident," while the police cited "strong requests from families" as their reason for refusing to release names. There is no clear answer on what the correct approach should be.

While some families agree to interviews, saying, "We want people to know how hard our children fought to live," it's only natural that others prefer to be left alone.

However, lumping them together as "two 66-year-old men" feels wrong. Each had walked their own path for 66 years, paths that were irreplaceable. We must not forget that this incident robbed them of that weight. How we report such painful incidents and how society receives them requires careful consideration.

Handling Personal Information During Emergencies

What should companies be mindful of when they become the primary source of announcements? Naturally, greater care must be taken with the handling of personal information during emergencies.

Fundamentally, companies should not release real names unless there are exceptional circumstances. At the same time, the scope of disclosure regarding an employee's gender, age, tenure, work attitude, etc., must be determined with great care.

For example, concerns like "Even a small piece of information could lead to identification" might cause companies to withhold even gender, inviting media criticism.

Information like "a male (female) in his/her [age range]" or "joined the company in [year] and held [position]" as seen in newspaper articles is considered within the scope of what can be considered for emergency communications.

Work attitude is also a point of media interest. The greater the gap between a public image—such as "a diligent employee who gets along with everyone"—and a hidden reality—like embezzling company funds, or "a leader demonstrating managerial competence" who then commits an act of violence—the more intriguing it becomes.

However, the notion that "it's best to say nothing" is dangerous. There is no 100% correct answer. How accountability is approached ultimately depends on the company's stance.

Even regarding information deemed sensitive under the revised law, such as "medical history" or "criminal history," careful consideration is required before immediately deciding "not to disclose." The outcome could still be "unable to disclose."

However, as the survey results indicate, the media is particularly sensitive to terms like "personal information" and "sensitive information." Using these terms as a blanket excuse to refuse disclosure could backfire and invite criticism. This must be kept in mind when formulating responses.