New law drives IT security spending in Japan

A new ruling requiring companies to protect personal data is the impetus for companies to ensure there are no security lapses.

A new legal requirement for better handling of personal information in Japan will result in higher IT security spending by small and medium-sized businesses (SMBs) in the country, according to analyst firm AMI-Partners.

The Personal Information Protection Law, which came into effect on Apr. 1, 2005, states a set of obligations that any company in Japan that holds personal data on 5,000 or more individuals, must adhere to. Amongst several things, the new law requires such companies to ensure that personal data are kept secured and protected against unauthorized access and disclosure.

Yuki Uehara, a research analyst at AMI-Partners, said the new legal requirement would notably drive up demand for "high-end" security technologies and services, such as Web site security, user authentication, and managed security outsourcing services. Investment in these areas is projected to reach US$443 million in 2005, and ramp up to US$871 million by 2009, Uehara noted.

Other hot security areas include firewall and VPN (virtual private network) appliances, and antivirus and intrusion detection software, she added.

According to the research firm, SMBs in Japan are projected to spend US$824 million in 2005 on IT security technologies and services. The figure is projected to grow at a compound annual growth rate of 13.3 percent, reaching US$1.5 billion in 2009.

"Owners and managers of personal data are now responsible for any security lapses, and failure to adequately protect such records will result in stringent penalties," stated AMI-Partners in the report.