Privacy
LY Corporation aims to realize "User Privacy First" in the entire Group, and with regard to the data entrusted by users, operates its businesses by giving first priority to the privacy and other rights and interests of users, including their human rights.
Messages from the CDO
LY Corporation has a significant amount of users and is entrusted with a large amount of data. We use this data to provide more convenient and enjoyable services while protecting the privacy of our customers. We will continue to balance the use of data with safety and security so that we can provide better services to our users.
Kiyoshi Sasaki, CDO, LY Corporation
Joined Yahoo Japan Corporation (currently LY Corporation) in 2009 after working for Fujitsu Limited and Yahoo! Inc. (U.S.). In Yahoo Japan Corporation, was in charge of R&D for the marketing business and became responsible for the development of data platform of the entire company from 2015. Appointed CDO (Chief Data Officer) of Yahoo Japan Corporation in 2017 and GCDO (Group Chief Data Officer) of Z Holdings Corporation (currently LY Corporation) in April 2021. Serves as Executive Corporate Officer, Head of Data Group, LY Corporation from October 2023, and concurrently serves as CDO from January 2025.
Basic Policy on Data Protection
LY Corporation has announced its Basic Policy on Data Protection which provides the direction of data protection to protect the rights and interests of users, including their privacy, in the handling of data.
"User Privacy First" is the overarching guideline of the Basic Policy on Data Protection. As principles to demonstrate the guideline, the Basic Policy upholds five core principles: 1) Priority to user benefits, 2) Ensuring transparency, 3) Protection of rights and interests, 4) Respect for users' rights to control their data, and 5) Security.
Related links
Privacy governance structure
To realize "User Privacy First," LY Corporation assigns a Chief Data Officer (CDO). The CDO supervises the operations in the data areas throughout the Company, and to ensure that the five principles mentioned above are observed, the CDO cooperates with the relevant divisions and carryies out specific privacy protection initiatives, such as implementing PIA, and introducing and operating the NIST Privacy Framework. Through these initiatives, the CDO is committed to the promotion of privacy protection activities for the data entrusted by users. In addition, a Data Protection Officer (DPO) is assigned to monitor and provide advice on these privacy protection activities from the users' perspective, ensuring that the use of data by LY Corporation does not violate the abovementioned principles.
Privacy protection initiatives
LY Corporation conducts PIA, introduces the privacy framework designated by NIST, and promotes the acquisition of CBPR System certification, to establish a privacy protection system that meets global standards, for the data entrusted by users. Also, with respect to the purposes of using the data collected from users, it works to provide easier-to-understand explanations for users in its Privacy Policy and Privacy Center.
PIA (Privacy Impact Assessment)
Privacy Impact Assessment is a prior procedure for assessing and confirming whether the system, services and functions provided by a company appropriately and adequately address impact on privacy and other rights and interests, including human rights. LY Corporation has a structure for implementing PIA for the systems, services, and functions that have impact on privacy and other rights and interests, including human rights, with regard to the data collected from users.
Promotion of initiatives to acquire CBPR System (APEC Cross-border Privacy Rule System) certification
LY Corporation promotes the acquisition of the CBPR System certification, an international certification which certifies compliance with the APEC Privacy Framework, a rule on the appropriate protection over cross-border data transfers.
NIST Privacy Framework maturity assessment
LY Corporation introduces and operates the maturity assessment of privacy protection management system based on the NIST Privacy Framework designated by the U.S. National Institute of Standards and Technology (NIST).
Privacy Center
LY Corporation discloses its Privacy Policy on matters such as the purpose of using the data entrusted by users, and will strictly manage personal information based on the Privacy Policy. In addition, LY Corporation aims to increase transparency and provide users with easier-to-understand explanations of how it handles data by summarizing its basic stance and policies in the Privacy Center and other means.