Due to launch in January 2016, the “My Number” system is proposed to aggregate and centralize personal information relating to tax, social security, medical, automobile registration, visa and passports.
The Social Security and new Tax Number System applies to foreigners who have legally resided in Japan for more than three months and have an address in Japan. Recipients will be issued with a 12 digit number that will remain with them until death- akin to a social security number in the U.S. or a national insurance number in the UK.
The system is pitched as being more convenient that the current one with centralization resulting in less necessary paperwork and documentation for certain procedures e.g. claiming benefits or filing taxes (e-Tax). It is also theorized that it will make evacuation and disaster response more efficient; saving time and potentially saving lives.
This aggregation of personal data could potentially be a double-edged sword and begs the question, “what if a security breach lead to this personal information being used nefariously?”. To cite the UK’s National Insurance Number and the U.S.’s Social Security Number system as long-standing points of reference, both countries have on numerous occasions been on the receiving end of scrutiny as a result of ‘misplacing’ sensitive data and have become victim to prolonged and systematic fraud, costing tax-payers millions in unlawful benefit claims.
The U.S. has recorded 11.7 million cases of data breaches involving Social Security numbers since 2006. Identity thieves often steal pension or unemployment insurance payments or run up a victim's credit card debt. Victims have lost tens of billions of dollars in the U.S. alone. More approximately, South Korea reportedly suffered the leaking of 40 million numbers, or 80% of the population, through 2014 as their government network was compromised leaving Seoul facing pressure to rebuild the network at a cost of $650 million.
In aim of prevention, strict accompanying guidelines and laws will be enacted in Japan to safeguard this new store of personal information. Those leaking the numbers that they are tasked with safeguarding will face punishment, including prison terms of up to four years and as such companies will therefore need to guard the records closely. The management of employee data, for example, will present a considerable work-load to human resources departments and necessitate new software (or at the very least cabinets with locks!) to compliantly manage, the onboarding, storage and deletion of sensitive data.
People will also have the option to receive an “Individual Number Card” containing an IC chip. The card will have the bearer's name, address, date of birth, and sex (known as the "four basic information items") as well as an ID photograph on the front, and the “Individual Number” on the back. Holders may use the card as a form of personal ID to confirm their identity and for many it could conceivably replace the “gaijin card” as the ID card of choice.
This is where things get questionable. Because the card contains all of your personal credentials along with an ID photograph it can be used for a wide range of purposes, e.g signing up to a sports club, getting a mobile phone contract or anywhere else you could conceivably be asked to identify yourself. Now, the other party is prohibited from copying your “Individual Number”, but the issue is the actual location of this information- on the back of the card. Conceivably, in a similar manner to credit-card skimming, it would only take 1 second to take a snapshot of the card and the all-important “My Number.”
The government hopes that the system will be successful in “streamlining” and automating historically manual procedures but you are not legally required to receive or carry the "Individual Number Card." Undoubtedly the new system is conducive to the Japanese government receiving much-needed tax revenue via keeping closer tabs on its populace, but at this early stage the scope for abuse would appear to be substantial.© Japan Today