TOBISHIMA

Privacy Policy

Information Security Basic Policy

The Company will appropriately manage and operate all information capital possessed by the Company, and this of course includes customer information. The Company will be cognizant that protection is an important responsibility, and will implement efforts based on the following Basic Policy.

1

Scope of Information Capital

All information capital, including information gained through the enterprise activities of the Company and information possessed by the Company, will be subject to protection; this is not limited to information stored within systems but also includes printed, handwritten and other documents.

2

Duties and Responsibilities of Employees

Employees will be cognizant of the importance of information security and the protection of personal information, and have a duty to protect information from unauthorized access, falsification and leaks. Employees additionally bear a responsibility for acting in adherence to laws, etc. related to enterprise activities, and pursuant to the Information Security Management Rules, being the concrete items for adherence.

3

Management of Information Capital

Under the leadership of the Chief Information Security Officer a management system will be constructed based on the Information Security Management Rules. In order to conduct appropriate management operation of information capital, as well as to protect information capital and the processing/storage environment from threats, physical, environmental, technological and human security measures will be implemented.

4

Evaluation and Continual Improvement

The Information Security Basic Policy and Information Security Management Rules are meant to protect all information capital related to the work of the Company. Regular evaluations will be made to determine if these are being observed, and at the same time plans will be continually made for their improvement.

January 1, 2006
Tobishima Corporation