Emergency
notice

Privacy Policy

Jump to Section

Policy on Security of Personal Information

At Waseda University (hereafter to be referred to as “this university”), the protection of personal information is recognized as a fundamental right that has its origins in the integrity of the human personality. The Personal Information Security Rules were established in May 1995, and these provided for the strict handling of personal information. Since April 1, 2005, the Law Regarding the Protection of Private Information (Private Information Protection Law) has been fully enforced. This university has continuously complied with this law and works to properly manage and protect personal information.

1. Collection and Use of Personal Information

Personal information refers to information that identifies specific individuals, such as students, guarantors, faculty and staff, or that has the possibility of doing so. At this university, it’s collection is restricted to only that recognized as necessary for educational research, student support, and university management, as defined below. In addition, when it is necessary, the university contacts students and guarantors based on the personal information collected.

Reasons for Collecting Personal Information

1) Management of school registration, changes in school registration, health management, scholarship management;
2) Course registration, grade management and course management;
3) Information management related to postgraduate activities, advancing within a school and changing schools at the undergraduate and graduate school levels within the university;
4) Issuing student identification cards and various other certificates;
5) Managing scholarship information and account information;
6) Supporting for extracurricular activities and student life;
7) Managing and creating employment information;
8) Managing the use of equipment and facilities within the university, managing visual information acquired through the security cameras;
9) Managing the use of the library;
10) Sending grade reports and academic records to the guarantors;
11) Consulting with guarantors about course registration and academic records;
12) Producing public relations magazines for the university and the school, guides for events and fundraising activities;
13) Sending out various guides and information following graduation;
14) Providing information to universities based on a Science and Technology Exchange Agreement;
15) Providing necessary information to the Waseda University Student Health Insurance Union (chief administrator: office manager of student division);
16) Providing necessary information to the Waseda University Alumni Association (chief administrator: president of this university);
17) Providing necessary  information to academic organizations (chief administrator: dean of each school) which are comprised of students and instructors in graduate and undergraduate courses at this university;
18) Providing necessary information to the teachers’ union in order to promote public funding for schools;
19) Management of employment and payment of wages or salaries in relation to part-time jobs or other types of jobs that may be offered within this university;
20) Improvement of educational research and entrance examinations and recruiting of students; and
21) Use of photos and their data for the purpose of verification of identify for internal procedures and various web-based services within this university.

2. Secure Management of Personal Information

Along with strict management of personal information so that it is not used improperly, lost, damaged, falsified or leaked, this university engages in the training of employees (faculty and staff) who handle personal information and those are in charge of this university’s other affairs.

3. Providing Information to Third Parties

This university does not provide personal information to third parties without the consent of the principal party in question. However, information may be provided without the consent of the principal party under the exception established by law (Private Information Protection Law, Article 27, Clause 1)

4. Outsourcing

This university may outsource the whole or a part of its businesses related to certain affairs such as sending out of various letters and objects from this university or data input work. When doing so, this university contractually or otherwise obligate the outsourcing contractors to take necessary and appropriate measures in managing the personal information so that it will not be leaked, disclosed or improperly used.

5. Corrections, Disclosure, Deletion, Suspension of Use (including Erasure and Suspension of Provision to Third Parties) of Personal Information

Students and guarantors can request the disclosure of their own personal information and records of its provision to third parties as well as correction, deletion and suspension of use (including erasure and suspension of provision to third parties) of such information through the individual institution managing that information, such as the school or institute with which s/he is affiliated.

◆The Approach to Information Security at Waseda University

Waseda is deeply aware that the protection of personal information is a fundamental requirement derived from the dignity of the individual, so  Regulations on Privacy and Data Protection  was established in May 1995 with the aim of properly collecting, managing, using, and protecting the personal information of students, faculty, and administrative staff. Under the supervision of the Personal Information Protection Committee, an independent organization, we have striven to handle this information appropriately.

Based on this experience, in September 2002, the Waseda University compiled the Policy on Security of Personal Information as a minimum set of rules that must be followed when handling information using computers and networks managed by the university. Subsequently, in November 2003, the university issued the “Guidelines for Creating WWW Content in WIND (Waseda University Internet Domain),” and in March 2004, the university issued “Handling Copyrighted Works in Web Content for Educational and Research Purposes.”

Meanwhile, in Japan, especially in the past few years, various information security incidents and accidents have been occurring frequently, ranging from damage caused by computer viruses, information leaks to the Internet via file sharing software, loss of recording media such as USB memory, theft and hacking of PCs, and information leaks by insiders. In response to this situation, we established the Information Security Promotion Office for two years from November 2009, and aimed to develop information security measures university-wide, conduct education and awareness activities, and establish a system for promoting and managing measures. As a result, we established the new Policy on Security of Personal Information in November 2011, which applies to all information assets managed by the university, regardless of the type of media (electromagnetic, optical, paper, etc.).

Additionally, starting in April 2010, we have been providing on-demand training to improve the awareness of teaching staff and prevent incidents and accidents from occurring.

By clarifying our individual responsibilities for various information and reaffirming the purpose of each rule, Waseda University will continue to promote information security initiatives.

◆Waseda University Information Security Policy

For education and research activities at Waseda University (hereafter referred to as “the University”), it is essential to not only improve the information infrastructure but also to ensure the security of information assets.

Waseda University established the Personal Information Security Rules in May 1995 and has endeavored to handle personal information appropriately. Based on the “Guidelines for Information Security Policy” decided by the National Information Security Measures Promotion Council in July 2000, the Media Network Center compiled the “Information Security Policy” in September 2002, which sets out the minimum requirements to be observed when handling information through computers and networks managed by the University, with the aim of appropriately protecting the University’s information assets and improving information security. Based on these, Waseda University has now established a new “Waseda University Information Security Policy” (hereinafter referred to as “this Policy”) that applies to all information assets managed by the University, regardless of the type of medium (electromagnetic, optical, paper, etc.).

I. Basic Policy on Information Security

1. Purpose

Information assets are important to the University. Educational and research activities at the University depend on the collection, storage, transmission, and reporting of information. If information assets are not protected, there is a possibility that damages such as stagnation of educational and research activities at the University and loss of trust in the University may occur. Therefore, faculty, staff, students, and all related parties must make constant efforts to protect the University’s information assets, taking into consideration  confidentiality, integrity, and availability. Those who use services related to information assets provided by the University are responsible for complying with this policy and must not, intentionally or unintentionally, access, tamper with, copy, destroy, leak, etc., information assets inside or outside the University without authorization.

The goals of this policy are:

  1. Preventing breaches of the University’s information security
  2. Preventing acts that violate information security on and off campus
  3. Thorough classification and management of information assets
  4. Early detection and rapid response to information security breaches
  5. Information Security Assessment and Updates

2. Scope and Target Persons

The scope of this policy covers all information assets managed by the University. Information assets refer to the information that the University should manage as an organization and the mechanisms for managing it. “Information” is not limited to the type of medium (electromagnetic, optical, paper, etc.). Information assets stored outside the University are also covered if they are recognized as information assets held by the University.

This policy applies to all individuals who use the University’s information assets, including faculty, staff, students, and pupils, as well as all those who are permitted to use the information assets.

3. Implementation Method

The University is responsible for educating and guiding those affected so that they can understand and implement this policy and various internal regulations, etc. Furthermore, the standards and procedures for implementing this policy will be determined separately by the University’s rules, etc. If necessary, each department will create its own standards and procedures for implementing the policy based on its own circumstances, within the scope of this policy.

Ⅱ. Standards for Countermeasures

1. Organization and Structure

Define roles and responsibilities in order to establish a system for managing and operating information security in an organized manner.

(1) Chief Information Security Officer
Our university appoints a Chief Information Security Officer (CISO) who is responsible for overall decision-making regarding information security. The CISO has the authority to determine information security policies and implement necessary measures to ensure that they are implemented throughout the University. In addition, the CISO’s interpretation of this policy will be the final decision.

(2) Information Security Committee
The Division shall decide on important matters related to this Policy and information security, and shall check, evaluate and review the status of compliance with the Policy, as well as check the status of response in the event of an information security incident, and provide advice, guidance and recommendations as necessary.

(3) Each Division
Appoint an information security officer (division head) at each division, who is responsible for the information assets held at that division. Appoint an information security manager and information security officer at each division, who will formulate and maintain the information security implementation procedures required for that division.

2. Preventing Information Security Breaches

(1) Deterrence of acts that violate information security both domestically and internationally
Whether inside or outside the University, we must not infringe on the information assets of any organization, group, or individual.

(2) Access Restrictions
Users who can access information must be determined according to the content of the information, and necessary access restrictions must be implemented to prevent unauthorized access. Users must not access information for which they do not have access privileges, or use information for which they are not authorized.

3. Classification and management of information assets

Regarding the University’s information assets, we must be fully aware of the role and impact they play, and always classify and manage them appropriately, taking into consideration their confidentiality, integrity, and availability.

  1. Confidentiality means ensuring that information is accessible only to those authorized to access it.
  2. Integrity refers to ensuring that information has not been destroyed, altered or erased.
  3. Availability refers to ensuring that those authorized to access information can access it without interruption when needed.
  4. Compliance with Laws and Regulations and Penalties for Violations
    The handling of information assets must also comply with laws, regulations, etc. If there is a violation of this policy and security-related laws, treaties, and rules established by the University, we will deal with the matter in accordance with the various rules and regulations of the University.
  5. Information Security and Policy Assessment and Updates
    In order to protect information assets, we must periodically evaluate whether appropriate information security measures are being implemented, and if improvements are deemed necessary, we must promptly update them. In addition, we must periodically evaluate the effectiveness of this policy, and if improvements are deemed necessary, we must determine the content and timing of changes, and update the policy to one that has a high level of security and is easy to comply with.

Please direct any questions regarding the protection of personal information at Waseda University to the following organization:
Office of the Personal Information Protection Committee (Department of Educational Affairs, Educational Affairs Section)
1-104 Totsuka-cho, Shinjuku-ku, Tokyo 169-8050
Telephone: 03-3204-2253
E-mail: [email protected]

Virtual Campus Tour

Social Media

Instagram

  • facebook

    facebook

  • twitter

    X

  • youtube

    YouTube

  • linkedin

    LinkedIn

  • podcast

    podcast

  • tiktok

    TikTok

Giving

Your generosity can make a difference and bring rippling impact

No matter the size, every single gift will make a difference in helping students afford an academic experience that will transform their lives, as well as promoting frontline research to resolve complex challenges of the world today.

More About Giving