Companies are required to retain their records by the following laws:
- The Consumption Tax Act (Act No. 108 of 1988) business operators and special importers to retain consumption tax-related books and records, such as those related to asset transfers or the purchase and collection of taxable goods, for seven years after the year in which they complete the records (Art. 58(1));
- The Corporation Tax Act (Act No. 34 of March 31, 1965): books, records, and documents for seven years (Art. 126(1));
- The Companies Act (Act No. 86 of July 26, 2005): shareholder meeting minutes for ten years (Art. 318(2)), account books and important business materials for ten years (Art. 432(2)), and financial statements, business reports, and supplementary schedules used to prepare financial statements for ten years (Art. 435(4)).

A business operator must retain information for electronic transactions for seven years (Article 10, Act on Special Provisions concerning Preservation Methods for Books and Documents Related to National Tax Prepared by Means of Computers (Act No. 25 of 1998)).
A business operator who uses e-mail for advertising must preserve documents that evidence consents from receivers to send such email prior to the transmission (Article 3(2), Act on Regulation of the Transmission of Specified Electronic Mail ((Act No. 26 of 2002)).

Japan has joined agreements with binding commitments to open transfers of data across borders: the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, Art. 14.11), the Agreement Between The United States Of America And Japan Concerning Digital Trade (Art. 11), and the Agreement between the United Kingdom of Great Britain and Northern Ireland and Japan for a Comprehensive Economic Partnership (Art 8.84).

The Act on the Protection of Personal Information (Act No. 57 of 2003) (APPI), enacted in 2003 and last amended in 2022, is Japan's data protection regime. The Amendment Bill of the Act on the Protection of Personal Information was approved by the Diet in June 2020 and entered into effect on 1 April 2022.
In addition to the APPI, the Personal Information Protection Commission (PPC) issued general guidelines, guidelines on data transfer to a third party in a foreign country, guidelines on confirmation and records for providing to a third party, and guidelines on anonymously processed information. Furthermore, the Guideline on Personal Information Protection in Telecommunications Business issued by the Ministry of Internal Affairs and Communications, genetic information guidelines issued by the Ministry of Economy, Trade and Industry, financial affairs guidelines jointly issued by the PPC and the Financial Services Agency, medical care guidelines jointly issued by the PPC and the Ministry of Health, Labor and Welfare are also relevant.

The Act on the Protection of Personal Information (Act No. 57 of 2003) (APPI) did not originally restrict the transfer of personal information to foreign countries, but amendments enacted in 2015 and which took effect in May 2017 added restrictions on cross-border data flows. The amended APPI prescribes three types of legitimate transfers of personal information to a third party in a foreign country under Article 24: (1) transfers to a country that the Personal Information Protection Commission (PPC) has designated as having an acceptable level of data protection; (2) transfers to a third party in a foreign country in circumstances in which actions have been taken to ensure the same level of data protection as in Japan (such as entering into a data transfer agreement imposing obligations on the transferee meeting the requirements of the APPI); or (3) transfers with the data subject’s consent.
Under the Enforcement Rules for the APPI (promulgated in 2016), as for (2), Article 11 specifies that it means: "(i) a personal information handling business operator and a person who receives the provision of personal data have ensured in relation to the handling of personal data by the person who receives the provision the implementation of measures in line with the purport of the provisions under Chapter IV, Section 1 of the Act by an appropriate and reasonable method or (ii) a person who receives the provision of personal data has obtained a recognition based on an international framework concerning the handling of personal information." To date, the only PPC-recognized international framework is the APEC Cross-Border Privacy Rules System.

The Guidelines on Security Management of Information System and Services Handling Medical Information provide that information systems for the handling of medical data must be located in the territory of Japan so that in the event of an emergency, Japanese governmental authorities can enforce their power to collect information or issue administrative orders. Although this is not a mandatory requirement based on a specific law, it is reported that some medical institutions have requested that service providers maintain servers inside Japan to comply with these Guidelines.

The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) “Common Standards for Information Security Measures for Government Agencies” allows for government agencies to make use of systems that are "isolated" from the internet if necessary. Information on the agencies affected is not readily available. This policy effectively involves the localisation of data used by the public services concerned.

Japan has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

Japan has a telecommunications authority: The Ministry of Internal Affairs and Communications. However, it is reported that the decision making process of this entity is not fully independent from the government.

Despite the government's responses to complaints about Nippon Telegraph and Telephone Corporation's (NTT) allegedly anticompetitive practice through publishing new guidelines, promulgating regulations, and amending the Telecommunications Business Act (Act No. 86 of 1984), it is reported that the incumbent status of the NTT group has become a concern in the eyes of its competitors and service providers seeking interconnection to its network. For example, NTT only provided access to its fibre optic network on a bulk basis until February 2015, when NTT East and NTT West started to offer single-line fibre optic wholesale access to non-traditional telecommunication companies such as Sohgo Security Services and Tsutaya, a rental vide company.
Another example is that KDDI and Softbank raised concerns that NTT East and NTT West sold their fibre optic wholesale services to NTT service providers such as NTT DOCOMO and NTT Communications at lower prices than to unaffiliated companies. This allegedly enabled the NTT group companies to sell their fibre optic services to end users at lower prices than their competitors. A survey conducted by the MIC showed that NTT DOCOMO and NTT Communications (a data communication company within the NTT group) obtained approximately 60% of the fibre optic wholesale service market by offering large fee discounts on their respective mobile services to end users. However, the MIC's investigation in 2018 did not establish the alleged anticompetitive practices.

Under the Radio Act (Act No. 131 of 1950), the allocation of the spectrum is at the discretion of the Ministry of Internal Affairs and Communication (MIC), based on consultation with the Radio Regulatory Council and consideration of plans submitted by the operators. The MIC's decision-making has been criticized as arbitrary and opaque. The Act was amended in May 2019 to adopt what is called a "partial auction system," whereby the MIC considers the amount of special fees submitted by the applicant based on their own valuation of the spectrum, although it is not a decisive element. In 2015, the MIC allocated spectrum appropriate for 4G to NTT DOCOMO, KDDI, and Softbank. In 2019, 5G spectrum was allocated to NTT DOCOMO, KDDI, Softbank, and Rakuten Mobile.
It reported that "several current spectrum allocations create bands unique to Japan (e.g., for self-driving vehicles) that prevent foreign technologies from functioning in Japan."

Nippon Telegraph and Telephone Corporation (NTT) is incorporated under the Act on Nippon Telegraph and Telephone Corporation, etc. (Act No. 85 of 1984) (NTT Act). NTT, being the incumbent in the telecommunications industry, is partly owned by the Japanese government by one-third of its stock.

It is reported that Japan mandates functional and accounting separation for operators with significant market power (SMP) in the telecom market.

According to Arts. 4-6 of the Act on Nippon Telegraph and Telephone Corporation (Act No. 85 of 1984), foreigners' aggregate ownership cannot exceed one-third of the aggregate voting rights of Nippon Telegraph and Telephone Corporation (NTT), which holds all the issued shares of NTT-East and NTT-West.

The Unfair Competition Prevention Law (Law No. 47 of 1993) provides a framework for the effective protection of trade secrets. A ‘trade secret’ is defined in the law as a production method, sales method, or any other technical or operational information useful for business activities that are kept secret and are not publicly known (Art. 2). According to Art. 3 of the law, those businesses or persons whose business interests have been, or are threatened to be, infringed on by misappropriation or illegal disclosure shall have the right to seek an injunction. The Unfair Competition Prevention Act provides civil and criminal remedies in such cases where secret information about the company is stolen or disclosed illegally. To protect information according to the Act, companies need to manage such data as “trade secrets”.