Amendment to Japan’s Omnibus Data Protection Law Means New Compliance Requirements for U.S. Multinational Employers With Operations in Japan

Effective May 30, 2017, Japan amended its omnibus data protection law, the Personal Information Protection Act (“PIPA”), to add new compliance requirements that will have an immediate impact on many U.S. multinational employers with employees in Japan. As with the European Union’s recent revamping of its data protection regime through the General Data Protection Regulation, which will go into effect on May 25, 2018,1 the amendment to PIPA (the “Amendment”) is intended to update Japan’s data protection regime to address the rapid advance in information technology, the rise of the Digital Economy, and the massive increase in global data transfers. The Amendment is the first material change to PIPA since it was originally enacted in 2003.