SecureMint

How to Send Japan's My Number (個人番号) Safely — Free, Zero-Knowledge, No Enterprise Contract

Under Japan's My Number Act and the Personal Information Protection Commission guidelines, handling a 12-digit individual number (個人番号) triggers strict "safety management measures" (安全管理措置). In practice, NRI Secure and other primary sources confirm that attaching a My Number document to regular email can violate the technical safeguard requirements because email is not end-to-end encrypted and misdelivery risk is high. But most articles you'll find point to paid enterprise transfer services (Crypto-bin / クリプト便, Box Enterprise, Proself) — which require contracts, user provisioning, and budget. Individuals, small accounting firms, and gig workers need something usable today, for free. This guide explains the legal frame and shows how SecureMint's browser-only encryption gives you a compliant path.

Encrypt My Number File Now
SecureMint uses zero-knowledge design. The server cannot read your data.

Steps

1

Confirm what you need to send and remove what you don't

My Number guidelines emphasize "minimum necessary" handling. Before scanning, decide whether the recipient needs the full My Number document or just specific fields. Redact unrelated information. If you are sending a photo of a My Number card, use /metadata to strip EXIF/GPS before encryption.

2

Encrypt the file in your browser with a strong passphrase

Open /encrypt and drop the PDF/JPG. Set a passphrase that neither you nor the recipient has used elsewhere — at least 20 characters or 6 random words. SecureMint uses AES-256-GCM with PBKDF2 key derivation; the plaintext never touches any server. Save the resulting .enc file locally.

3

Deliver the encrypted file via /send with a download limit and expiry

Use /send to upload the ciphertext (it is already encrypted, so even SecureMint's transfer servers see only ciphertext — zero-knowledge). Set download limit to 1, expiry to 24h, and enable download notification. This satisfies "traceability" under 安全管理措置.

4

Share the passphrase through a completely separate channel

This is the critical step. Do NOT send the passphrase by the same email that carries the download link — that's PPAP with extra steps. Use a phone call, SMS, an in-person meeting, or a SecureMint Memo burn-after-reading link sent through a separate messaging app.

5

Confirm receipt and log the transfer

My Number handling logs are required. Record: what was sent, to whom, when, via which route, and confirm the recipient's acknowledgment. SecureMint's download log on /send captures the download time; keep it as part of your safety management records.

Why It's Secure

  • NRI Secure and the Personal Information Protection Commission materials treat raw My Number email attachments as a compliance risk because SMTP is not end-to-end encrypted and misdelivery rates are non-trivial.
  • The My Number Act's "technical safety management measures" require preventing unauthorized access, loss, alteration, and leakage — browser-side encryption directly addresses all four.
  • Password-split emails (PPAP) were already discouraged by Japan's Cabinet Office in November 2020 and again by the FSA in 2025 — they are not a compliant alternative for My Number handling.
  • Zero-knowledge browser encryption means the plaintext My Number never leaves your computer. Even if the transfer server is fully compromised, attackers get only ciphertext.
  • SecureMint does not log account identifiers for free usage — no sign-up, no email collected, which reduces the attack surface of the transfer step itself.

Quick reference: the four safety management axes

The PPC's guideline for business operators (ppc.go.jp/legal/policy/my_number_guideline_jigyosha/) structures "safety management measures" around four axes: organizational, human, physical, and technical. Compliance is not about picking one — you need all four, and the technical axis is where encryption lives. Use this table as a checklist; the right-hand column shows where SecureMint's browser-only encryption directly reduces risk on each axis.

AxisTypical requirementWhere plain email failsSecureMint's coverage
OrganizationalHandling records, incident response plans, role assignments.Sent mail folder is not a handling log; no standard incident path for misdelivery./send download logs (who, when, how often) feed directly into handling records.
HumanTraining, non-disclosure, "need-to-know" discipline.Any admin who can read the sender's mailbox can read the attachment.Only a holder of the out-of-band passphrase can decrypt; mailbox access is irrelevant.
PhysicalControlled storage, disposal, device protection.Files end up cached on recipient devices indefinitely.Expiry + download limits make the ciphertext auto-vanish from /send; the .enc file can be wiped after confirmed receipt.
TechnicalAccess control, authentication, encryption, preventing leakage in transit/at rest.SMTP is not end-to-end encrypted; attachments traverse provider servers in a form admins can read.AES-256-GCM + PBKDF2 in the browser; plaintext never reaches any server, including SecureMint's.

Compliant routes, ranked

There is no single "approved" tool under the law — the requirement is outcomes, not vendors. The PPC's guideline lists examples and leaves room for organizations to pick tools that meet the technical safeguard bar. Here is how the common options compare for an occasional sender (e.g., a sole proprietor or a small tax office) who needs to send a My Number document to an accountant or a tax office.

RouteCostSetup effortTechnical safeguard bar
Plain email attachmentFreeNoneFails — no E2E, high misdelivery rate.
PPAP (password-split ZIP)FreeLowFails — both artifacts cross the same pipe; Cabinet Office (Nov 2020) and FSA (May 2025) discourage it.
Paid enterprise transfer (クリプト便 / Box Enterprise / Proself)Contract requiredMedium-highPasses, but overkill for occasional senders.
Postal mail (tracked)Low (per shipment)NonePasses organizationally, slow, awkward for e-filing workflows.
SecureMint (browser-only, zero-knowledge)Free / Pro optionalNone — no signupPasses — AES-256-GCM payload encryption plus transport expiry and download logs.

Handling records you should keep

The My Number Act's record-keeping expectation is light in form but strict in substance: you need to be able to reconstruct, for any My Number document you handled, who sent or received it, when, via which route, and why. Treat the following as a minimum template — the fields line up with what the PPC's business-operator guideline calls out.

1) Date and time of delivery attempt. 2) Sender and recipient identities (name, role, organization). 3) Content description ("My Number tax withholding slip for J. Smith, 2026 fiscal year"). 4) Route used (SecureMint /send link ID + out-of-band passphrase channel). 5) Confirmation timestamp and /send download log excerpt. 6) Disposal note (when and how the sender's local .enc file was deleted).

For a small operation this can be a single row in a spreadsheet per delivery — the goal is traceability, not bureaucracy. If a privacy incident later occurs, this is exactly the evidence trail the PPC expects you to produce.

Sources

FAQ

Is it actually illegal to email a My Number?
The My Number Act doesn't literally say "no email," but it requires technical safeguards against leakage and misdelivery. Standard email fails those requirements in practice, which is why primary sources like NRI Secure describe email attachment as non-compliant. The safer reading is: treat raw email attachment as a rule violation unless you have compensating controls like end-to-end encryption.
Do I need to buy クリプト便 or Box for this?
No. Those tools are fine if your budget and compliance program require them, but the legal requirement is end-to-end protection with logging — not a specific vendor. SecureMint satisfies the technical requirements with free, browser-only, zero-knowledge encryption plus a download log. For occasional or solo use, it is a valid compliant option.
My accountant insists on receiving My Number by LINE or Chatwork. Is that safe?
Messaging apps like LINE, Chatwork, and Slack do not provide end-to-end encryption for regular chats or file uploads, so the attachment is visible to the vendor's servers and retained in history. Encrypt the file with SecureMint first, then send the ciphertext through the chat tool and the passphrase via a separate channel. That gives you compliance regardless of what tool the accountant uses.
What about the passphrase — can't I just put it in the same message?
No. If the passphrase travels with the ciphertext, a single point of compromise (mis-sent email, exported chat log, server breach) leaks both. This is exactly the PPAP anti-pattern the Cabinet Office and FSA told organizations to stop. Use a different channel — a phone call or a one-time memo link in a separate app.
How long should I keep the encrypted file and logs?
Follow your organization's My Number retention policy (typically tied to tax law retention periods — 7 years for many use cases). Delete the .enc file after the retention period expires, and keep the SecureMint download log alongside your other safety-management records. If you only needed to send it once, set /send's expiry to 24 hours and let it auto-delete.

Related Tools

Encrypt FileSecure Send with Download LogStrip EXIF from Card PhotosShare Passphrase as Burn Memo

If you want to turn this guide into an operational workflow

These use-case guides show how the same pattern fits real workflows for accountants, HR teams, and legal professionals.

See the accountant workflow

How to turn secure send, PPAP replacement, and metadata cleanup into a client delivery flow.

See the HR workflow

How to collect resumes and share interview details with file requests and secure memos.

Related Articles

PPAP Alternative: Secure File Sharing with SecureMint

Replace insecure PPAP (password-protected ZIP via email) with E2E encrypted file sharing. No more sending passwords in separate emails.

How to Encrypt Files for Free

Encrypt any file for free with AES-256-GCM in your browser. No upload, no signup. Your file never leaves your device.

How to Send Files Securely

Learn how to send files securely with end-to-end encryption. Free, no signup. AES-256-GCM encryption with zero-knowledge design.