Customer Privacy Protection
As we face the cutting-edge technology era of the 21st century, global enterprises are making every effort to protect valuable corporate information and customer information. Information security activity is recognized as an essential factor for LG Electronics’ sustainable growth and LG Electronics is implementing diverse activities as a world leading enterprise.
GLOBAL INFORMATION SECURITY POLICY
With the Corporate Information Security Regulations as the governing principle, LG Electronics established the Corporate Information Security Rules and the Personal Information Protection Rules as the policy standard for corporate information security and personal information protection. All related policies conform to these rules to ensure that information security management at all business sites is operating at the highest level. These measures allow us not only to maintain a high level of information security management across the board, but also to enhance our corporate credibility by ensuring policy consistency across all business sites.
PIMS Certification / Compliance Risk Management on Personal Information Protection
As part of our efforts to promote systematic protection of customers’ personal information, LG Electronics acquired the Personal Information Management System (PIMS) certification in December 2012. Also, LG Electronics is making a wide range of efforts to effectively prevent information breaches and respond to compliance requirements, such as establishing control measures against information leaks and judiciously complying with the legal requirements prescribed by countries. LGE also requires all its business sites, Korean and overseas, to carry out risk management activities based on the list of requirements issued by HQ, while assessing their performance on a semiannual basis. The assessment results are reported to top management and follow-up measures are implemented. We are responding effectively to compliance risks by carefully managing risks commonly shared by our business sites in Korea and overseas.
Assessment of Personal Information Management
Under the leadership of HQ, LG Electronics conducts a corporate-level annual assessment of its business sites and subsidiaries to evaluate their level of personal information management, and all business sites and subsidiaries are required to perform the same assessment internally on a semiannual basis. We also added “Personal Information” to our Compliance Risk Management criteria to ensure that all our business sites and subsidiaries regularly measure their compliance risk level and address risks year round. In order to gain public confidence in our stewardship of personal information, we submit ourselves to an annual certification process performed by the Korea Internet & Security Agency (KISA), and receive a biannual assessment from LG Corp. to identify and address risks. Based on the systematic risk management, LG Electronics ensures that effective compliance efforts are made at all of its business sites, both in Korea and overseas.
Establishment of Personal Information Impact Assessment System
LG Electronics has established a personal information impact assessment system to prevent compliance risks associated with related laws and regulations and to systematically and automatically manage personal information data and associated risks at a corporate level. With the system in place, we have the infrastructure to prevent non-compliances and information breaches, and to manage personal information systematically at a corporate level, thereby minimizing risks as well as potential damages.
PROACTIVE MEASURES TO PROTECT PERSONAL INFORMATION
LG Electronics recently disposed of more than eight million sets of personal information collected from registered website users. Although our corporate website previously required customers to register their personal information to provide features such as access to product information and manuals, we have removed part of the clause, “limited to registered members,” from our terms of service, suspended the collection of personal information, and disposed of the personal information previously collected and maintained. Now, our corporate website provides product information and other convenience features to all customers, including registered members. We strongly believe that suspending the collection of unnecessary personal information altogether is a more fundamental and effective solution against risks such as breach of personal information than collecting such information and making our best effort to protect it.
Also, LG Electronics bases its policies and actions concerning personal information protection on the OECD Eight Privacy Principles, and makes every effort towards complying with the local privacy and data protection laws, such as the Data Protection Principles (DPP) of the European Union and the Children’s Online Privacy Protection Act (COPPA) of the United States. As part of our compliance efforts, we are in the process of signing the Data Transfer Agreement (DTA) between HQ and our European subsidiaries to honor one of the core compliance requirements of the DPP, and fully comply with the prohibition on collecting the personal information of children, one of the main requirements of the COPPA. Based on close communication and collaboration between our information security and legal teams, LG Electronics carefully monitors privacy protection legislation around the world and responds to it as promptly as possible. Thanks to our vigilant response, LG Electronics received no customer complaints concerning breach or protection of personal information in 2014.
DEVELOPING GLOBAL SECURITY SPECIALISTS
In order to raise employee awareness on information security at the fundamental level, LG Electronics is focusing on improving the capabilities of security managers at our business sites in both Korea and overseas. In particular, we developed a roadmap for each specialty (managerial security, physical security, technical security, personal information security, etc.) and defined clearly the level of expertise required from security managers at each step to ensure that an improvement in individual capability directly leads to an increase in the quality of information security at the corporate level.
In 2014, 97.4% of our Korean employees and 93.3% of overseas employees (excluding those on long-term leave) completed online training on information security and personal information protection. We also conducted the Global Security Training simultaneously in four different regions (China, Dubai, Indonesia, and Panama) with the participation of 78 security managers from 59 subsidiaries in order to enhance the capabilities of managers and to discuss regional security issues.
Additionally, we conduct hospitality training for staff in charge of security at our business sites to raise their awareness of sexual harassment and improve case-by-case response to customers. This training is conducted to prevent infringement on human rights that may occur during the performance of security procedures, which ultimately helps us to protect the human rights of both our employees and customers who visit our business sites.
Industrial Security Management System Certification for Suppliers
As part of our efforts to create an information security environment that facilitates Win-Win Growth, LG Electronics conducts regular assessment and training for information security. Of our suppliers, five that produce design models and require a high level of information security completed the certification process for their industrial security management system in March 2013.
The Industrial Security Management System Certification, issued by the Korean Association for Industrial Technology Security, is awarded to businesses that hold the rights to industrial technologies and have in place preventative measures against improper information leaks and asset loss from a wide range of disasters for each of their production processes. Businesses are evaluated on over 300 items from 65 criteria in 5 areas (general management, physical infrastructure, technical infrastructure, responsiveness to security breaches, and security knowledge management) for the certification.