Customer Privacy Protection
As we face the cutting-edge technology era of the 21st century, global enterprises are making every effort to protect valuable corporate information and customer information. Information security activity is recognized as an essential factor for LG Electronics’ sustainable growth and LG Electronics is implementing diverse activities as a world leading enterprise.
Information Security Training
LG Electronics conducted training on information security and personal information protection for domestic and overseas employees. The training was provided in 14 different languages to increase effectiveness for overseas employees and organized into sessions on information security practices, understanding personal information protection, and management issues at each stage of personal information lifecycles.
In 2013, 98.7% of our Korean employees and 98.2% of overseas employees (excluding those on long-term leave) signed and submitted a pledge to protect the personal information of our customers. Additionally, 96% of our employees who regularly handle personal information and 97% of supplier staff in charge of system administration have completed the required training.
Industrial Security Management System Certification for Suppliers
As part of our efforts to create an information security environment that facilitates Win-Win Growth, LG Electronics conducts regular assessment and training for information security. Of our suppliers, five that produce design models and require a high level of information security completed the certification process for their industrial security management system in March 2013.
The Industrial Security Management System Certification, issued by the Korean Association for Industrial Technology Security, is awarded to businesses that hold the rights to industrial technologies and have in place preventative measures against improper information leaks and asset loss from a wide range of disasters for each of their production processes. Businesses are evaluated on over 300 items from 65 criteria in 5 areas (general management, physical infrastructure, technical infrastructure,responsiveness to security breaches, and security knowledge management) for the certification.
PIMS Certification/ Compliance Risk Management on Personal Information Protection
As part of our efforts to promote systematic protection of customers’ personal information, LG Electronics acquired the Personal Information Management System (PIMS) certification in December 2012. Also, LG Electronics is making a wide range of efforts to effectively prevent information breach and respond to compliance requirements, such as establishing control measures against information leaks and judiciously complying with the legal requirements prescribed by countries. LGE also requires all its business sites, Korean and overseas, to carry out risk management activities based on the list of requirements issued by HQ, while assessing their performance on a semiannual basis. The assessment results are reported to top management and follow-up measures are implemented. We are responding effectively to compliance risks by carefully managing risks commonly shared by our business sites in Korea and overseas.
Assessment of Personal Information Management
Under the leadership of HQ, LG Electronics conducts a corporate-level annual assessment of its business sites and subsidiaries to evaluate their level of personal information management, and all business sites and subsidiaries are required to perform the same assessment internally on a semiannual basis. We also added “Personal Information” to our Compliance Risk Management criteria to ensure that all our business sites and subsidiaries regularly measure their compliance risk level and address risks year round. In order to gain public confidence in our stewardship of personal information, we submit ourselves to an annual certification process performed by the Korea Internet & Security Agency (KISA), and receive a biannual assessment from LG Corp. to identify and address risks. Based on the systematic risk management, LG Electronics ensures that effective compliance efforts are made at all of its business sites, both in Korea and overseas.
Establishment of Personal Information Impact Assessment System
LG Electronics has established a personal information impact assessment system to prevent compliance risks associated with related laws and regulations and to systematically and automatically manage personal information data and associated risks at a corporate level. With the system in place, we have the infrastructure to prevent non-compliances and information breaches, and to manage personal information systematically at a corporate level, thereby minimizing risks as well as potential damages.
Read more_ ‘Customer Privacy Protection’