Japan
Sustainability Report 2023Privacy
Protecting personal information
We fully recognize that personal information (information regarding our customers, business partners, shareholders, investors, employees, etc.) is an important and valued asset that we receive from individuals, and it is our obligation under the law and our accountability to society, to handle this information properly and with care. In response to this, we established the “Suzuki Motor Corporation basic policy on protection of personal information” and work hard for protection of personal information. Details on the handling of personal information are released on the Suzuki corporate website:
- For Japan:
- http://www.suzuki.co.jp/privacy_statement/index.html
- For overseas:
- https://www.globalsuzuki.com/cookies/index.html
We establish the in-house rules and revise them as required according to revision of related laws, etc. to handle personal information appropriately, and to familiarize our employees with these rules, Suzuki provides education so that all employees thoroughly become aware of protection and appropriate handling of personal information.
The specific measures taken by Suzuki to manage personal information are as follows.
Suzuki has appointed personal information managers responsible for managing personal information for the entire Company, as well as those responsible for managing personal information in each department, and has implemented necessary and appropriate measures, including items 1 to 6 below, to prevent leakage, loss, damage, misuse, alteration, and unauthorized access of personal information handled by Suzuki. In addition, in accordance with regulations and manuals, the status of personal information handling is reviewed once a year and reported to the Corporate Governance Committee, and a reporting system is in place for cases of inappropriate handling of personal information.
- 1. Establish regulations and manuals for handling personal information (personal data) at each stage of acquisition, use, storage, provision, deletion, disposal, etc., including handling methods, responsible personnel, personnel in charge, and their responsibilities
- 2. Clarify the employees who handle personal information (personal data) and the scope of such information handled by these employees, and establish a reporting and communication system in case of any instances or indications of violation of laws, regulations, or handling rules are detected
- 3. Provide training to employees on matters to keep in mind regarding the handling of personal information
- 4. Manage employees’ entry and exit to areas where personal information (personal data) is handled, restrict equipment brought in by employees, and take measures to prevent unauthorized persons from viewing personal information (personal data)
- 5. Control access to limit the scope of personnel in charge and the personal information databases, etc. handled
- 6. Implement mechanisms to protect information systems that handle personal information (personal data) from unauthorized outside access or unauthorized software
In addition, the basic policy on protection of personal information is also followed at Suzuki Group companies to thoroughly ensure protection of personal information.
We will continuously review and improve the personal information protection system.
Information security
Basic concept
To properly manage personal and confidential information, based on the Suzuki Basic Policy for Information Security, an information security officers’ committee was established under the Corporate Governance Committee to deal with information security in general including cybersecurity, and the Company is promoting the Suzuki Group’s information security measures.
Suzuki Basic Policy for Information Security
-
1. Legal compliance
We shall comply with laws, regulations, national guidelines, contractual obligations, and other social norms related to information security.
-
2. Initiatives for information security and product security
To ensure that our customers can use our products and services with peace of mind, we shall address product security as part of our information security efforts.
-
3. Building of information security management system
In addition to establishing an information security officers’ committee, we shall assign a person in charge of handling confidential information and an information security promoter to each internal department and organization.
-
4. Establishment of internal regulations
We shall establish internal regulations concerning information security and make them known to all employees.
-
5. Establishment of audit system
We shall conduct information security audits regularly and as needed to verify that information security-related laws and regulations are complied with and that regulations and rules are functioning effectively.
-
6. Implementation of information security measures
We shall implement organizational, technical, physical, and personnel security measures to prevent damages such as information leaks or alteration.
-
7. Implementation of education
We shall provide information security-related education and training for all employees in order to raise their awareness of and ability to deal with information security.
-
8. Management of outsourced contractors
We shall examine the security level of outsourced contractors. For important outsourced contractors, the security level shall be audited on a regular basis.
-
9. Implementation of continuous improvements
We shall continuously improve the overall system to ensure information security by regularly evaluating and reviewing the above efforts.
Management system
We have established countermeasures subcommittees under the information security officers’ committee to build a system to implement more appropriate information security management.
■ Information security management system promotion organization
Preparation for information leakage and external attacks
We obtained ISO 27001 (information security management system) certification in 2020, and we continue to maintain the certification by conducting Company-wide assessment activities and internal audits every year.
We have organized a dedicated CSIRT (Computer Security Incident Response Team) to prevent information security incidents, detect and resolve them at an early stage when they occur, and prevent recurrence after they occur. In preparation for the occurrence of such incidents, the CSIRT conducts (1) collection and analysis of information on information security incidents and (2) internal awareness-raising activities.
In addition, we conduct response training twice a year for CSIRT members on the assumption that an information security incident has occurred.
Implementation of education
For information security, we provide the following training to all employees, including officers, as well as to all personnel in charge.
• Implementation of information security education
For all employees, including officers, we conduct e-learning education (once a year), distribution of ISMS (Information Security) education cards (once a year), new employee training, and rank-based training.
• Implementation of targeted attack e-mail response training
For all employees, including officers, we conduct targeted attack e-mail response training (once or twice a year) and distribute ISMS education cards to alert them to security issues and inform them of the contact information in case of a security incident.
• Education for departmental information security officers
Twice a year, information security management education is conducted for personnel in charge of handling confidential information and information security promoters in each department.
Product security
• Product security countermeasures subcommittee
Under the information security officers’ committee, we have established a product security countermeasures subcommittee, an organizational body that manages security operations from product development to disposal, and conducts regular management of product security. By continuing these activities, we ensure the daily safety and security of our customers.
• PSIRT
This countermeasures subcommittee has established a PSIRT (Product Security Incident Response Team) to collect industry information from organizations such as Auto-ISAC*, a North American automotive cybersecurity organization that collects and analyzes product-related security information, in preparation for product security attacks.
* Automotive Information Sharing and Analysis Center
• Product security reporting and audits
We conduct audits every year to comply with and improve organizational systems and regulations and procedures related to product security. The product security countermeasures subcommittee regularly reports on the progress of development and the status of the PSIRT, as well as objective status reports through audits, in order to speedily deal with attacks related to product security.
Initiatives related to intellectual property
Suzuki has made it the first part of its Mission Statement to “develop products of superior value by focusing on the customer.” The Company conducts intellectual property activities basically for rights formalization of knowledge and technology that create value, and protects, accumulates and utilizes these rights as intangible assets.
The core of these intellectual property strategies lies in “Sho-Sho-Kei-Tan-Bi (Smaller, Fewer, Lighter, Shorter, Beauty),” which is the root of Suzuki’s philosophy and culture and also contributes to carbon neutrality. Based on the Philosophy of Conduct “Sho-Sho-Kei-Tan-Bi (Smaller, Fewer, Lighter, Shorter, Beauty),” each and every employee will respond to the diversifying needs of customers and society with wisdom and ingenuity. They will design and develop products with original ideas that are unique to Suzuki, inspiring amazement, and will continue to create intellectual property.
Promotion structure
●Intellectual Property Promotion Committee
In March 2022, the Company newly established the Intellectual Property Promotion Committee. This committee, which is attended by Directors, Managing Officers and Executive General Managers from relevant departments, holds Company-wide discussions on intellectual property strategies, and will continue this activity in the future (held 13 times between March 2022 and October 2023).
The contents discussed and determined at this committee are reported to the Executive Committee and the Board of Directors for approval. In this way, the Company establishes an appropriate governance organization for intellectual property and promotes the execution of intellectual property strategies.
●Strengthening intellectual property activities on site
Based on discussions at the Intellectual Property Promotion Committee, Intellectual Property Dept. staff will enter a site in an advanced development field where attention must be given, such as electrification, next-generation mobility, or the realization of customers’ desires, and additionally, collaborate with a staff member called the patent coordinator dispatched to the site side as a mediator between the site and the department in charge of intellectual property, thereby crafting the insight and ideas at the frontline of work into the shape of a patent with a competitive edge.
●Enhancing incentives to create intellectual property through a reward system
In April 2023, Suzuki revised the reward system for intellectual property to make individual employees who create intellectual property feel “praised,” “recognized” or “highly commended.” Incentives for creating intellectual property were also strengthened in such ways as, in particular, having the inventors of patents chosen by general managers for embodying “Sho-Sho-Kei-Tan-Bi (Smaller, Fewer, Lighter, Shorter, Beauty)” being presented with awards directly by the President at Company-wide events, holding roundtable talks among the inventors, the President and officers, and disclosing scenes of such events on the Company intranet.
The recipients of this fiscal year’s presidential award are the four patents described in the next section, “Achievements of ‘Sho-Sho-Kei-Tan-Bi.’”
An award ceremony for patent inventors held in the new fiscal year ceremony
Achievements of “Sho-Sho-Kei-Tan-Bi”
(1) Paint repairs and paint repair methods (candy paint)
<Patent key point>
The significance of the invention is that the method allows for partial repair of defective metallic painting rather than rework on the entire panel.
<Unique to Suzuki>
| Smaller | : | Smaller paint repair area |
|---|---|---|
| Fewer | : | Fewer paint repair costs |
| Shorter | : | Shorter time for repairs |
| Beauty | : | Finish is as beautiful as when using conventional process methods |
(2) Vehicle proximity notification device
<Patent key point>
The significance of the invention is that the vehicle proximity notification device is located at the back of the front emblem of the vehicle, improving interior quietness by generating alerts directed forward, and at the same time reducing damage to the speaker in the event of a front-on collision.
<Unique to Suzuki>
| Smaller | : | Space-saving |
|---|---|---|
| Fewer | : | Lower alert volume and reduced collision damage |
(3) Electrified vehicle body structure
<Patent key point>
The significance of the invention is that the BEV platform is based on a gasoline vehicle platform with minimal structural changes.
<Unique to Suzuki>
| Fewer | : | Reduced development costs |
|---|---|---|
| Lighter | : | Lighter due to a reduction in parts |
| Shorter | : | Shorter development period |
(4) Driver assistance device
<Patent key point>
The significance of the invention is that vision of the blind spot on the left-hand side of the vehicle automatically displays when necessary while passing on narrow roads.
<Unique to Suzuki>
| Fewer | : | Monitor display activation is the minimum necessary |
|---|---|---|
| Beauty | : | Cumbersome screen switching is avoided |
Various initiatives concerning intellectual property
●Enhancing patent applications in India
Suzuki has been enhancing patent applications in India, which is one of Suzuki’s primary markets. Following Japan, where we have the most rights acquired (approximately 4,200), we have currently acquired and maintain over 1,600 patents in India.
●Periodic provision of the latest patent-related information
As one benchmark, we promote viewing technological information by providing the latest patent-related information about business inside and outside the Company in an easy-to-view format, and support manufacturing and the realization of customers’ desires.
●Conducting systematic intellectual property training
Suzuki also concentrates on intellectual property training, implements stratified training with a focus on patent and copyright laws, and promotes the importance of preserving and utilizing intellectual property throughout the entire company.