Rules on the Appointment of an Administrator of Personal Information Management

(Objective)
   Article 1:
   These Rules stipulate specific matters on the operation of Article 9 of the Doshisha Regulations Concerning the Protectionof Personal Information (stipulated on May 30, 2017 and hereinafter referred to as the ‘Regulations’) at DoshishaUniversity(hereinafter"University").
  
(Administrator of Personal Information Management)

   Article 2 :
   1.The Personal Information Protection Manager defined in Article 9.1 of the Regulations shall appoint a Personal Infromation Management Administrator (hereinafter ‘Administrator’) in each organizational unit which retains personal information, and engage them to administer secure management of personal information in such department.
   2.The head of each organizational unit which retains personal information, such as faculty, department, institute, or center, shall be be appointed as the Administrator. 
   3.Each Administrator shall properly handle issues regarding the collection, storage and management of personal informaiton within the scope of their duties, as well as requests from individuals for the disclosure, correction and deletion of their personal information, in accordance with stipulations of the laws and regulations and the Regulations.
   4. In addition to complying with the laws and regulations and the Regulations, each Administrator may establish appropriate procedures concerning the collection, utilization and management of personal information in their unit.

(Personal Information Supervisor)
   Article 3 :
   1. Each Administrator shall appoint a person responsible for handling personal information in the organizational unit under his/her jurisdiction (hereinafter, “Personal Information Supervisor”) in order to properly manage persons in charge of handling personal information as stipulated in Article 9, Paragraph 2 of the Regulations and ensure the security control of personal information.   
   2. The head of each organizational unit that retains personal information, such as departments and offices, shall be appointed as the Personal Information Supervisor.

(Reporting)
   Article 4 :
   1. In the event that any incident, such as leakage, loss or falsification of personal information, should occur, the  Administrator of the relevant organizational unit shall report the incident to the Personal Information Protection Manager without delay.
   2. Upon receipt of a report under the preceding paragraph, each Administrator shall report it to the Personal Information Protection Manager without delay

(Revision of Abolition)
   Article 5 :
  The revision or abolition of these Rules shall be approved by the President upon the deliberations of the Personal Information 
  Protection Committee and the Directors Meeting.

(Supplimentary Article)
    Regulations shall be enforced on April 1, 2022.