Global Confidentiality Policy Manual

Page 1: Global Confidentiality Policy Manual

Global Confidentiality Policy Manual
The basis of Honda’s group companies

11. When using the intra-company computer network
• In cases of storing information onto a Honda computer network adhere to company policy (*)
• Before connecting a Company-provided electronic information device to any other network pre-authorisation is required from Division Manager.

12. Use of code names
• New products and services, etc., should be referred to by an internal code name that prevents identification of its nature or contents.
• Actual names and internal code names should not be used in the same document.

13. When you are inside Company facilities
• Always wear your Honda ID card.
• Observe the HSAF policy for use of personal mobile phones. (*)

14. When arriving at the Company
• Do not bring any personal electronic information storage device with a data recording function, such as a USB memory device.
• Do not bring any personal video cameras, digital cameras and still cameras. Mobile phones may not be used to record or store confidential company information.

15. When leaving the Company
• Do not take any confidential document or electronic confidential document from the Company’s facilities.
• Do not remove any PC from the Company’s facilities, except for business purposes.
• When leaving the Company, your laptop must be locked away in a secure cupboard or safe.

16. When outsourcing work
• If it is necessary to disclose confidential information to an outside company, you must conclude a confidentiality agreement with that company beforehand.

17. When admitting an outside person(s) into Company facilities
• Ensure that each visitor always carries the designated “Visitor” identification.
• Obtain necessary authorisation in advance, before receiving a worker from an outside contracting company.
• When necessary, a confidentiality agreement must be signed with the visitor or contractor.

18. When using any social media or website
• Obtain the necessary authorisation before you disclose any confidential information through any form of social media.

19. When announcing or disclosing confidential information outside of the Company
• Obtain authorisation in advance from the Division Manager of the division that manages the confidential information.
• This approval should cover the timing of the announcement, its content, and other necessary matters. (Examples of external disclosures: Public relations announcements; disclosures to a court, disclosures in response to a request by a government office)

20. Taking photos and recording visual or audio data
• Do not take photos or record visual or audio data on Honda premises without permission. If required for business purposes, follow the internal procedures. (*)

21. Receiving phone calls
• If you receive a suspicious call, confirm the caller’s name and phone number. You may return the call or consult with your Division Manager should you need to clarify an appropriate response.

My responsibility
• I will use confidential information only for Company business purposes.
• I will provide information only to Associates who have a need to know it.
• I will handle personal information with special care.
• If I discover any violation of the rules on confidential information, disclosure or loss of confidential information, I will promptly report the incident to my Division Manager.
• I will always maintain the security of confidential information, whether during or after my period of employment.
• I will always ensure privacy protection and observe the laws and ordinances.

Adapted from Global Confidentiality Policy Pocket Manual
Date issued: May 20, 2016
Produced and issued by: The HSAF GCP Committee

(*): See HSAF GCP policy for specific rules

Page 2: Global Confidentiality Policy Manual

Purpose of GCP
Create a unified policy for preventing leakage of confidential information and create an environment in which assets are protected and utilized on a global scale.

Basic Policy
Honda wants to be a company that society wants to exist. Honda is committed to maintaining and enhancing information security based on the following policies:
• Understand the importance of customer information and Company’s information assets;
• Observe the laws, guidelines and social norms;
• Anticipate changes in the environment and take appropriate measures for continuous improvement;
• Establish a system and committee for preventing leakage, loss, theft and other negative outcomes according to the Company’s rules and structures;
• Provide continual education and training to increase awareness;
• In the event of leakage, loss or theft of information, promptly investigate to determine cause, minimise damage and to prevent further reoccurrence.

Handling of confidential information

Secrecy category
All tangible or intangible information assets are considered as confidential information and must be handled with the appropriate level of secrecy as outlined below:

Secrecy S – Information having significant influence on corporate management
E.g. Information regarding the Steering Committee business strategies, new model information (sketches, photographs, illustration) etc.

Secrecy A – Information having an influence on business operations, such as business decisions, know-how, etc.
E.g. Personal Information, financial statement information, master development schedules, documents & materials for new model presentation events, audit-related documents, production & sales plans, job performance appraisal results for Associates, roles and results reports, etc.

Secrecy B – Information restricted to the Company’s Associates
E.g. Internal rules, a directory of telephone extension numbers, organisational charts, etc.

For Secrecy S & A, the manager who created the confidential information designates its secrecy level.
If the confidential information is assigned to two or more secrecy levels, the most restrictive level must be applied.

Rules for Honda Associates

1. Responsibility of Associates
• Associates to use confidential information for business use only.
• Associates must not disclose confidential information to unauthorised recipients.
• Associates to report any leakage of confidential or potentially confidential information to GCP committee / management.
• Associates to comply with the “Need-to-know principle*”
• To use Company devices for Company business only.

2. When creating a document
• Determine the secrecy level when creating a document.
• Display the secrecy level on the document via symbol allocation.

3. When sending any confidential document by e-mail
• Do not send any Secrecy S documents by e-mail, either inside or outside the Company. (*)
• When sending Secrecy A documents by e-mail, either inside or outside the Company, do the following:
  A) Obtain your Division Manager’s approval
  B) Protect the document with a password or encryption and send it as an attached file. Content must not be specified on the name of the document.
  C) Send a copy (CC) of the e-mail to your Division Manager.
  D) After sending the e-mail, confirm receipt by the recipient(s)
  E) Password must be communicated in separate email
• Do not send any e-mail under someone else’s name, such as by using that person’s password. (Misrepresentation of this type is strictly prohibited.)

4. When removing any document from the Company’s facilities
• Division Manager’s approval is required before removing any Secrecy S documents from the premises (*)

5. When copying a document
• Division Managers’ approval is required.
• A copy retains same secrecy level as the original.

6. When distributing a document
• Secrecy S documents require a control number and records must be kept of the recipients.
• Limit distribution of Secrecy A documents to only the necessary number of recipients and keep a record thereof.
• Distribute Secrecy B documents by a method that will prevent any leakage outside the company.
• If you distribute copies of Secrecy S or A documents, for which the issuer has granted copy permission, you must keep a record of the recipients copied.

7. When sending documents
• Secrecy S documents should be carried by hand and delivered to the recipient by the issuer or a Division Manager in charge. (*)
• Secrecy A documents should be distributed via return receipt method.
• Secrecy B documents should be sent by a method that prevents their contents from being recognized.

8. When storing and retaining documents
• For Secrecy S and A documents, specify its storage location, and store it in a restricted access protected folder on the server or secure storeroom. If the data must be stored in another location, protect each file to be stored by encryption or password. As soon as storage is no longer required, dispose of the data promptly.
• Secrecy B documents should be stored in a way that prevents disclosure outside the Company. Store any information in your private drive on the server.
• When storing or retaining data on a USB, use an encrypted USB memory device designated by the Company. After using the device, erase all stored data.

9. When disposing of documents
• Dispose of any document whose retention period has expired.
• Dispose of temporary and interim documents periodically as necessary.
• Promptly dispose of copied documents after use.
• To dispose of a confidential document stored on removable electronic media, destroy the device physically to make it impossible to restore any data. Also delete data using a data erasure software program, so that data cannot be restored through any conceivable means.
• Dispose of paper documents by shredding them.

10. When using a Company-provided electronic information device (personal computer (PC), mobile phone, or external storage media such as a USB memory device)
• Be aware that passwords and other authentication information for the network, e-mail system and the device, are the keys to maintaining security and should not be disclosed to other parties.
• You are responsible for proper password management by changing your passwords for access to the network, e-mail systems, and other systems, on a regular basis.
• Paste the specified identification mark onto each device in accordance with the governing regulations.
• To prevent unauthorized access to the device, set a screensaver timeout period of five minutes or less and set a screensaver password.
• Before removing a PC from Company premises please refer to internal IT policy (*)

(*): See HSAF GCP policy for specific rules