{"id":64527,"date":"2024-07-25T20:35:20","date_gmt":"2024-07-25T11:35:20","guid":{"rendered":"https:\/\/monolith.law\/cs\/?p=64527"},"modified":"2024-07-28T16:47:25","modified_gmt":"2024-07-28T07:47:25","slug":"ppc-annual-report-2023","status":"publish","type":"post","link":"https:\/\/monolith.law\/cs\/general-corporate\/ppc-annual-report-2023","title":{"rendered":"Personal data leaks continue unabated: 1.5 times more in Reiwa 5 (2023) than in the previous year. The latest trends explained"},"content":{"rendered":"\n<p>In recent years, personal data leaks caused by sophisticated cyberattacks and human error have been on the rise, which poses a serious problem for businesses. A personal data leak can cause companies serious harm, such as reputational damage, the risk of litigation, and even the suspension of business.<\/p>\n\n\n\n<p>This article looks at the trends in personal data leak cases that emerge from the annual report of Japan's Personal Information Protection Commission for fiscal year Reiwa 5 (2023). 
Use the information in this article to strengthen your company's security measures and to prevent the risk of data leaks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Co_je_rocni_zprava_Komise_pro_ochranu_osobnich_udaju\"><\/span>What is the annual report of the Personal Information Protection Commission<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In April of Reiwa 4 (2022), the amended Act on the Protection of Personal Information came into effect. It obliges businesses handling personal data to report personal data leaks and similar incidents on the website of the Personal Information Protection Commission (PPC) when those cases meet certain conditions.<\/p>\n\n\n\n<p>In June of Reiwa 6 (2024), the Personal Information Protection Commission published its <a href=\"https:\/\/www.ppc.go.jp\/aboutus\/report\/\" target=\"_blank\" rel=\"noreferrer noopener\">annual report for fiscal year Reiwa 5[ja]<\/a>.<\/p>\n\n\n\n<p>Related article: <a 
href=\"https:\/\/monolith.law\/corporate\/personal-information-protection-2024\" target=\"_blank\" rel=\"noreferrer noopener\">Key points of the Reiwa 6 (2024) amendment to the Act on the Protection of Personal Information? Changes and measures you should know about[ja]<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Dohled_nad_subjekty_zpracovavajicimi_osobni_udaje\"><\/span>Supervision of businesses handling personal information<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In Reiwa 5 (2023), 12,120 leaks and similar incidents were recorded, a marked increase over the 7,685 cases of the previous year. Let us now look more closely at what these cases involved.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Zpracovani_a_stav_pripadu_uniku_informaci_a_podobne\"><\/span>Handling and status of information leak cases and similar incidents<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2024\/06\/Shutterstock_1688882128.jpg\" alt=\"Handling and status of information leak cases and similar incidents\" class=\"wp-image-88171\" \/><\/figure>\n\n\n\n<p>Of the reported cases, 11,635 (96.0%) involved fewer than 1,000 affected individuals, and 61 (0.5%) involved more than 50,000 individuals.<\/p>\n\n\n\n<p>Among the cases reported directly to the Commission, the most common type of leaked information was customer data (83.5%), and as to form, the leaks mostly involved paper documents (82.0%), which was more than leaks from electronic media (12.2%).<\/p>\n\n\n\n<p>According to the classification of reporting-obligation types set out in the Act on the Protection of Personal Information and its enforcement rules, the most common cases were leaks of personal data containing sensitive information, such as medical records or racial data (89.7%), followed by leaks of personal data that may have been caused by unauthorized access or other unlawful acts (8.1%).<\/p>\n\n\n\n<p>This trend can be explained by the fact that many information leaks were caused by so-called human error, such as misdelivery, mis-sending, improper disposal or loss (86.3% in total). For leaks of sensitive personal data, where reporting is mandatory even if only a single person is affected, many cases were caused by the misdelivery of paper documents containing such data (for example, bills for medical services at healthcare facilities).<\/p>\n\n\n\n<p>In response to these reports, the Personal Information Protection Commission checked whether the affected individuals had been duly notified (under Article 26, paragraph 2 of the Act on the Protection of Personal Information), whether the causes of the leak had been properly identified and analyzed, and whether the recurrence-prevention measures adequately addressed those causes. Where necessary, the Commission provided information on methods of root-cause analysis and on ways to prevent leaks from recurring.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Stav_vyzadovani_zprav_smernice_a_poradenstvi\"><\/span>Status of report requests, guidance and advice<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Businesses handling personal information were subject to 73 requests for reports and 333 instances of guidance and advice.<\/p>\n\n\n\n<p>The following were cited as serious cases:<\/p>\n\n\n\n<ul>\n<li>A case in which a general electricity distributor used information on the customers of new electricity providers that was accessible to its group company, or to the retail division of the same company, which is an electricity provider.<\/li>\n\n\n\n<li>A case in which IDs and passwords of accounts assigned to general electricity distributors were used by an electricity provider to access and use personal data in the renewable energy management system operated by the Agency for Natural Resources and Energy.<\/li>\n\n\n\n<li>A case in which Toyota Motor Corporation had entrusted the handling of personal data relating to services provided to vehicle users to its subsidiary Toyota Connected Corporation, and the data was exposed to external access because of a server that the company managed.<\/li>\n\n\n\n<li>A case in which the National Hospital Organization, an independent administrative agency that handles medical data under the Act on Anonymized Medical Information for Research and Development in Medicine (Act No. 28 of 2017), leaked patient medical information.<\/li>\n\n\n\n<li>A case in which three businesses that had filed opt-out notifications violated provisions of the Act on the Protection of Personal Information.<\/li>\n\n\n\n<li>A case in which NTT DOCOMO, Inc. had entrusted NTT NEXIA, Inc. with handling customer information for telephone sales, and an employee of NEXIA accessed a personal cloud service without authorization from a computer used for work and uploaded to it a total of approximately 5.96 million personal data records, resulting in a data leak.<\/li>\n\n\n\n<li>A case in which a teacher at a secondary school operated by Yotsuya Otsuka Corporation, while employed there, searched for and viewed personal data of pupils managed by the school, together with photos and videos of elementary school pupils, recorded them on a private smartphone and published the data of six individuals on a personal social media account, resulting in a data leak.<\/li>\n\n\n\n<li>A case in which a server of MK System was attacked and the personal data managed in that system was encrypted by ransomware, creating a risk of data leakage.<\/li>\n\n\n\n<li>A case in which the GUID (internal identifier) of an auction seller could be displayed on certain product pages of &#8220;Yahoo! Auctions&#8221; after entering certain commands, so that the GUID could become accessible to third parties, creating a risk of personal data leakage.<\/li>\n<\/ul>\n\n\n\n<p>In response to these cases, guidance was issued under Article 23 of the Act on the Protection of Personal Information, and in some cases a report on the status of implementation of recurrence-prevention measures was requested.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Situace_ohledne_doporuceni\"><\/span>Status of recommendations<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Three recommendations were issued to businesses handling personal information. 
They are summarized below.<\/p>\n\n\n\n<p>In the case in which an employee of NTT Business Solutions Corporation, who was entrusted with the maintenance and operation of a system used in a call center run by NTT Marketing Act ProCX under contracts with private companies, independent administrative agencies and local public bodies, took out without authorization the personal data of approximately 9.28 million people, relating to the customers of the contracting clients or to residents, resulting in an information leak, both companies were recommended to take the necessary measures to remedy the violation of Article 23 of the Act on the Protection of Personal Information (Japanese Personal Information Protection Act).<\/p>\n\n\n\n<p>In the case of LINE Yahoo Corporation, where personal data of LINE-related users, business partners and employees was leaked after a computer used by an employee of a South Korean company providing security maintenance was infected with malware, leading to unauthorized access to the information system, a recommendation was issued to take the necessary measures to remedy the violation of Article 23 of the Act on the Protection of Personal Information (Japanese Personal Information Protection Act), and a report was requested on the status of implementation of measures to prevent the incident from recurring, including the status of improvements made in response to the recommendation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Dozor_nad_spravnimi_organy_a_podobnymi_institucemi\"><\/span>Supervision of administrative organs and similar bodies<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2024\/06\/Shutterstock_1944738808.jpg\" alt=\"Supervision of administrative organs and similar bodies\" class=\"wp-image-88172\" \/><\/figure>\n\n\n\n<p>Under the Act on the Protection of Personal Information, supervision was also exercised over administrative organs and similar bodies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Zpracovani_hlaseni_o_unicich_osobnich_udaju_a_podobnych_incidentech\"><\/span>Handling of reports on personal data leaks and similar incidents<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>As part of the supervision of administrative organs and similar bodies, 1,159 reports on personal data leaks and similar incidents were handled. 
Of these, 162 reports came from national administrative organs and 997 from local public bodies.<\/p>\n\n\n\n<p>As in the previous year, most of the reported incidents involved leaks of personal data requiring special care (national administrative organs and similar bodies: 61.1%, local public bodies: 80.3%), followed by leaks of the personal data of more than 100 individuals (national administrative organs and similar bodies: 31.5%, local public bodies: 18.8%).<\/p>\n\n\n\n<p>The most common cause of incidents was so-called human error, such as misdelivery, mis-sending, improper disposal or loss (national administrative organs and similar bodies: 6.8% in total, local public bodies: 78.8% in total), followed by system configuration errors and other causes (national administrative organs and similar bodies: 22.8%, local public bodies: 17.7%).<\/p>\n\n\n\n<p>As for the number of individuals affected per incident, fewer than 1,000 was the most common (national administrative organs and similar bodies: 93.2%, local public bodies: 96.7%), and the information most often leaked concerned citizens' data (national administrative organs and similar bodies: 78.4%, local public bodies: 91.1%). 
As for the form of the leaked information, leaks of information on paper media only were the most common (national administrative organs and similar bodies: 58.0%, local public bodies: 76.8%).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Pozadavky_na_predlozeni_dokumentu_kontrolni_setreni_pokyny_a_rady\"><\/span>Requests for submission of documents, inspections, guidance and advice<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>To verify compliance with the guidelines on the protection of personal information (for administrative organs and similar bodies), 65 planned inspections were carried out, during which guidance was issued to improve the proper handling of personal data, along with requests to submit documentation relating to that guidance.<\/p>\n\n\n\n<p>In addition to the inspections, 73 instances of guidance and advice were issued in connection with the receipt of reports on personal data leaks and similar incidents. These concerned in particular deficiencies in information security measures and requests to introduce measures to prevent those deficiencies from recurring. 
The serious cases included the following:<\/p>\n\n\n\n<ul>\n<li>A case in which IDs and passwords of accounts assigned to general distribution companies were used by retail electricity companies to access and use personal data in the renewable energy business management system operated by the Agency for Natural Resources and Energy.<\/li>\n\n\n\n<li>A case in the town of Noheji in Aomori Prefecture, in which a USB device containing the personal data of most residents, including names, dates of birth, health check results and COVID-19 vaccination history, was lost, creating a risk that this information would leak.<\/li>\n\n\n\n<li>A case in which two teachers from two secondary schools under the Nagano Prefectural Board of Education, who fell victim to a support scam, installed remote access software on school computers following the scammers' instructions, creating a risk of leakage of the personal data of the students and staff of those schools.<\/li>\n<\/ul>\n\n\n\n<p>In these cases, guidance to address deficiencies in security management was issued under Article 66, paragraph 1 of the Act on the Protection of Personal Information, and in the cases from Aomori and Nagasaki prefectures, submission of documentation on measures to prevent these deficiencies from recurring was also requested.<\/p>\n\n\n\n<h2 
class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Shrnuti_Pocet_pripadu_uniku_osobnich_udaju_je_od_zahajeni_hlaseni_nejvyssi\"><\/span>Summary: The number of personal data leak cases is the highest since reporting began<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Since the revision of the law in Reiwa 4 (2022), reporting personal data leaks to Japan's Personal Information Protection Commission has been mandatory. The number of reports in Reiwa 5 (2023) reached 12,120, roughly 58% more than in the previous year and the highest number since the reporting obligation was introduced in Heisei 25 (2013).<\/p>\n\n\n\n<p>Mistakes in handling personal data can lead to a data leak, which is then published on the website of Japan's Personal Information Protection Commission and can damage the company's brand and cost it public trust. We therefore recommend consulting a lawyer about the handling and management of personal data and preparing for such situations in advance.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Predstaveni_opatreni_nasi_kancelare\"><\/span>Introduction to our firm's measures<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Monolith Law Office has extensive experience in IT, particularly internet law and legal regulations. Personal data leaks have recently become a major problem. 
If a personal data leak occurs, it can have a fatal impact on a company's business. Our firm has expertise in preventing information leaks and in responding to such situations. Details can be found in the following article.<\/p>\n\n\n\n<p>Monolith Law Office practice areas: <a href=\"https:\/\/monolith.law\/personalinformation\" target=\"_blank\" rel=\"noreferrer noopener\">Legal services related to the Act on the Protection of Personal Information[ja]<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In recent years, personal data leaks caused by sophisticated cyberattacks and human error have been on the rise, which poses a serious problem for businesses. A personal data leak can, for  
[&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":64654,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[24,29],"acf":[],"_links":{"self":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/64527"}],"collection":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/comments?post=64527"}],"version-history":[{"count":2,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/64527\/revisions"}],"predecessor-version":[{"id":64655,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/64527\/revisions\/64655"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/media\/64654"}],"wp:attachment":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/media?parent=64527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/categories?post=64527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/tags?post=64527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}