In Japan, regulation takes place at the federal level by Act on the Protection of Personal Information (APPI) and at the agency level in recommendations for implementing APPI. Organizations must take the necessary steps to protect their data from unauthorized access and violations of processing policies. In addition, recommendations have been developed to provide protection at the level of individual departments. In Japan, there are no specialized requirements for the biometric protection of personal data.
Latin America
Latin American countries are trying to follow the European model of data protection law, however, they are lagging behind European and American standards. Some countries, such as Brazil, do not have a comprehensive data protection law. Other countries, such as Argentina or Chile, are outdated in this respect, considering the security of data only in general terms and without special rules requiring notification of security incidents.
European Union
The main document for personal data protection in European Union is The Data Protection Directive (EU GDPR), which was adopted in 1995. The Directive regulates processing of personal data within the European Union and it is an important component of EU privacy and human rights law. In May 2018, updated GDPR will come into force in all EU member states. The Resolution establishes duties and responsibilities for those who process personal data, prescribing the adoption of appropriate technical and organizational measures for the safe processing of information.
Building a comprehensive information security infrastructure in a company is not an immediate process. The level of protection should continuously evolve. Information leakage threats are permanently growing for any kind of business that is why the counter measures should develop accordingly. We do not claim the above listed measures as full and totally comprising but these are the ones to be covered in the first place.