“Security First” with CIO Leading the Way
Direct Answers to Residents’ Needs[1]Toyonaka City, Osaka Prefecture

A Tough Combative CIO

An unexpected telephone call arrives at the desk of a leading city executive. “I hear you have issues with our information security measures. Can we talk for a moment?”

The caller is Mr. Katsuyoshi Matsuoka, Chief of Information Policy of Toyonaka City. When anyone in the city administration says anything that makes light of security problems, he is inviting angry phone calls from Mr. Matsuoka.

“You say that security measures reduce work efficiency, but what would you do without a computer? Take the work of collecting taxes from 160,000 households in the city, for example. Manually it would take five years. Saying this and that about work efficiency without accounting for the merits of the system is illogical, isn’t it?”

“If your security collapses, we could be asked to pay billions in yen in compensation for loss. Who in the world would bear that?”

“A city executive who picks up the phone to face my relentless arguments, without exception, gives way.” (Matsuoka CIO).

If our security is ever breached and personal information is leaked, we would inflict irreparable damage on the city’s residents. We would have to completely shut down the information system from that day. An information system without security measures could not possibly exist.

Mr. Matsuoka, with his telephone attacks, ignores the vertical relationships within the organization, the vertical structure of the organization, and the labor-management divide. To maintain a high level of confidence in information security, he has no qualms about scolding even top executives. Inside city hall, he has affectionately been given the nickname “The Godfather” in recognition of his indomitable combative posture and his commanding presence. Mr. Matsuoka seems to personify the fact that even the most advanced information system is, in fact, actually grounded in the very human.

But the punch Mr. Matsuoka packs is powered not by feelings, but facts. Its roots lie in a survey of 3,000 city residents performed in 2002 and which, leading as it did to Mr. Matsuoka’s appointment in April of that year as the first dedicated CIO of any local authority in Japan, became his trump card.

When the residents were asked what they wanted from the creation of an electronic city hall, 68.2% answered, “Safety measures against leakage of personal information” (multiple answers permitted) was in first place. It was a clear winner, being followed by the second most frequent answer “Supporting people unaccustomed to information equipment” at 53.6%.

From central to southern Toyonaka City is residential, inhabited by many families transferred by large companies, while the north, incorporating the campus of the University of Osaka, is home to many academics and their families, as well as many airport personnel. Mr. Matsuoka saw in the residents’ responses a strong demand for the protection of personal information. The city had enforced Personal Information Protection Regulations as early as April 1989.

In Toyonaka City, Mr. Matsuoka’s official position was changed from Director Responsible for Information Policies to Chief Information Officer (CIO) in April 2003—the year following the above survey. This change went further than a change of title only. Matters decided by the CIO were clearly stipulated in the city’s work decision-making regulations as, “Matters related to the promotion of the computerization of administration,” giving him the responsibility and authority to lead the entire city administration.