Z Holdings Corporation (hereinafter "ZHD") has today received the final report from the Special Advisory Committee on Global Data Governance, a committee consisting of external experts to verify and evaluate the handling of data in the ZHD Group from security and governance perspectives.

The outline of the final report is as follows:
• Overview etc. of the Special Advisory Committee
• Status of cross-border data access and data storage related to LINE app
• Results of the verification on LINE Corporation's governance, and LINE Corporation's improvement measures
• Status of group companies that handle the important data of LINE Corporation
• Status of data governance in LINE Corporation, and recommendations for improvement
• Status of data governance in ZHD, and recommendations for improvement
and others.

For more information on the final report by the Special Advisory Committee, please click here.
• Final Report by the Special Advisory Committee(Japanese only)

In response to the Special Advisory Committee's recommendations, ZHD will further promote and strengthen the initiatives that are already in place and implement new initiatives to strengthen the governance of the entire Group.

＜Initiatives that are already in place＞ (Noted in the Secondary Report)
i) Establishment of the Data Governance Working Group
The Data Governance Working Group was established within the Risk Management Committee as a meeting body whereby those responsible for "research and development," "data utilization," and "security and privacy protection" jointly discuss the state of data governance and strengthen the aforementioned three areas in a well-balanced manner. The Working Group formulates the ZHD Group's data governance policy and rules, evaluates and audits each Group company's compliance with the said rules, recommends corrective actions, and takes other measures as necessary.

ii) Introduction of a "Three-Line Model"
In order to operate businesses in compliance with the rules set by the Data Governance Working Group, a "Three-Line Model" (three defensive lines) is introduced to the ZHD Group companies and each line is responsible for the following:
First Line: As risk owner, appropriately evaluates risks and controls the risks;
Second Line: Audits and evaluates the appropriateness of activities of the First Line, and provides advice to the First Line;
Third Line: Audits and evaluates the appropriateness of the activities of the Second Line, and provides specific advice for improvement if there are problems.
Based on this concept of the "Three-Line Model," each ZHD Group company will implement a specific three-line governance system in a way that matches the actual situation of each company.


＜Initiatives to be pursued in response to the recommendations received in the Final Report＞
i) Establishment of "horizontal and vertical governance structure from the user's perspective"
In addition to the implementation of the "Three-Line Model," the ZHD Group will establish horizontal and vertical governance structures:
a) The horizontal governance structure will be established by strengthening the second line of governance in each company and will enable each company to achieve an autonomous governance structure that is in line with its business situation; and
b) Through the Data Governance Working Group, the vertical governance structure will achieve governance that is centralized across the entire Group and responds to the global business operating environment. ZHD will continuously report on the status of measures taken in ZHD and LINE Corporation (hereinafter "LINE") to the Panel of Experts, etc., to be separately established by ZHD, and will ensure that the measures are implemented while receiving advice from the panel.

ii) Measures to be taken in individual areas to improve ZHD's global data governance
Based on the recommendations of the Special Advisory Committee in the areas of: engagement with the public sector, economic security, security, privacy, risk management, and other individual areas, ZHD will take appropriate measures in a timely manner so that the Group companies will comply with NIST standards¹ and protect not only personal information but also personal data².

(Excerpt from the Final Report p.88)

¹ Security standards such as SP800-171 established by the U.S. National Institute of Standards and Technology (NIST).
² Information about some person, such as information about the user entered when using the service, history of web page browsing and searching, and history of purchases from shopping services (includes information that does not include names and addresses, but may lead to personal identification).

ZHD will further promote initiatives that are already in place and appropriately share, with its Group companies, the knowledge gained through LINE's efforts to strengthen company-wide governance and risk management functions as well as other cases, and further promote Group-wide efforts to improve governance. In addition, ZHD will continue to sincerely address the opinions and suggestions of users and experts, and work to increase the transparency to society and to create an environment where users can use its services with a sense of security.

For more information on the Special Advisory Committee meetings held in the past, please click here.




Unless otherwise specified, English-language documents are prepared solely for the convenience of non-Japanese speakers. If there is any inconsistency between the English-language documents and the Japanese-language documents, the Japanese-language documents will prevail.