Lawson to Establish Information Security Office,
Enhance Protection of Personal Information

2004/05/31

Lawson today announced plans to establish an Information Security Office on June 1, 2004, as part of ongoing efforts to ensure personal information is properly safeguarded. Lawson has been implementing various strategies related to the management of cardholder information by stores and other Lawson Group business locations. This followed the unauthorized disclosure of personal information of LAWSON PASS cardholders last year. The establishment of the Information Security Office is a move aimed at bolstering these strategies and ensuring that they are implemented with greater speed and efficiency.

The Information Security Office's brief is to put in place a framework for safeguarding personal and business information. It has been given one year to complete this task.

Overview of Information Security Office
1)Personnel: Executive officer in overall charge and 3 specialists (one each from legal affairs, IT and audit fields)
2)Operational Period: June 1, 2004 to May 31, 2005
3)Brief
1.Analyze risks relating to personal and business information in the Lawson Group,
2.Strengthen information security measures throughout the Lawson Group,
3.Promote information security measures using training, awareness and other activities in all areas responsible for managing personal and business information, and
4.Carry out audits of information security initiatives.

Timeline
June 24, 2003 Established committee to protect personal information

July 15, 2003 Implemented customer information security measures

January 1, 2004 Introduced internal regulations for the protection of personal information and non-disclosure regulations for sales

June 1, 2004 Establish Information Security Office

previous

Lawson to Establish Information Security Office, Enhance Protection of Personal Information

Lawson to Establish Information Security Office,
Enhance Protection of Personal Information