Personal information refers to any data that can identify a specific living individual: name, date of birth, address, phone number, email address, photographs, and more. Information that cannot identify someone alone but can when cross-referenced with other data (e.g., a membership number linked to a database) also qualifies. The 2017 amendment explicitly included biometric data (fingerprints, iris scans) and personal identification codes (My Number).
Phone numbers are quintessential personal information. Mobile numbers function as de facto personal identifiers, widely used for SMS verification and account recovery. When leaked, they increase the risk of smishing and special fraud targeting. On the dark web, name-phone-address bundles are traded as "lists."
Japan's Personal Information Protection Act requires businesses to specify usage purposes, prohibits third-party sharing without consent, and mandates security measures. The 2022 amendment made breach reporting to the Personal Information Protection Commission and victim notification mandatory. Violations carry fines up to 100 million yen.
To protect your phone number: avoid unnecessary service registrations, never publish your number on social media, enable two-factor authentication, and block withheld number calls. See phone number privacy tips and data breach exposure for detailed strategies.