Information Protection

Due to the diversification of IoT products and services, in addition to constant changes in the business environment, there is an increased demand on companies to be more responsible in terms of information protection. Accordingly, we protect the rights of our employees and customers by identifying risk factors related to cyber security compliance, and by ensuring transparency in disclosing the handling of privacy data both in Korea and overseas.

  • Basic System for Privacy Information Protection

    • In response to the implementation of the EU GDPR (General Data Protection Regulation), and the strengthening of consumer privacy protection regulations in the United States, Brazil, and India, we are striving to proactively identify and mitigate privacy information risk factors.
    • We strictly adhere to the five basic principles of privacy protection (minimum data collection, protection of the rights of customers to be informed, measures to ensure security, only using data for the purpose for which it was collected, and safe disposal) in order to meticulously manage the privacy information of our customers.
    • We disclose the safe and legal process of privacy information handling in a transparent manner.

| Privacy Information Protection Measures |

  • Technical Measures

    • SSL1)
    • Access control measures
    • One-way encryption storage
    • Minimization of the printing of privacy information
    • Prior approval by privacy manager

  • Managerial Measures

    • Limited personnel with access privileges
    • Controlled entry into Information Security Office
    • Manage access privileges
    • Security of information processing PCs
    • Documentation of the purpose of collecting privacy information
    • Separation of privacy information servers

  • Measures to Protect Customer Rights

    • Measures enabling search/change of privacy information and cancellation of membership
    • Inquiries by phone or e-mail
    • Observance of information usage period
    • Response to request for revocation of consent


    1) SSL: A standard security technology that enables secure transfer of privacy information through an encryption algorithm.

  • Privacy Impact Assessment

    • Through privacy impact assessments, we proactively evaluate and mitigate risk factors and make improvements to the adequacy of our privacy protection measures, which enables us to launch products and services with reinforced privacy protection features.
    • We make continuous upgrades to our privacy impact assessment framework so that we can respond to changes in laws and regulations, as well as technical trends.

| Privacy Impact Assessment Framework |
    • Establish a privacy impact assessment framework
    • Identify subjects
    • Handle and analyze subjects
    • Conduct checklist assessment
    • Conduct risk assessment
    • Establish improvement measures
    • Execute measures

  • Integrated Privacy Information Management System

    • We have established a framework for integrated management of the privacy information of our customers in order to promote the efficient use of and prevent leakage of information.
    • We have acquired domestic and international certifications for our privacy information protection system, thereby certifying the security of data protection.

| Framework for Privacy Protection Assessment |
  • Management System
    • Policy: Company Regulations on Information Security / Privacy Protection Rules
    • Organization: CPO1) / Dedicated privacy protection team
    • Response to privacy data breaches
    • Diagnostics/Audit/Certification: GSI2) / Diagnostics / ISO3) TSS4) / ISMS5)
    • Training/Promotion: Company-wide employee training / Collective training for suppliers
    • Protection of rights of data subjects
  • Life-Cycle
    • Policy: Minimum data collection / Consent to collection
    • Policy: Privacy data processing guidelines / Management by a consignee
    • Policy: Privacy data destruction
    • Privacy impact assessment / measures for ensuring safety
  • Protective measures
    • SSL6)
    • PC encryption / Database encryption
    • Database access control / Server access control / Print-i / Privacy-i / Was-i
    • Document shredder / Complete erasure solution
    • Integrated monitoring

Certifications for Integrated Information Security Management System
  • International certification: ISO 27001, ISO 27018, ISO 29100, ISO 27701
  • Domestic certification: ISMS

  • Basic Principle of Product Security

    • We monitor security regulations in effect around the world, such as the EU Cybersecurity Act and UNR No.155, and continuously reflect them in our standard security requirements and guidelines in order to ensure that security is considered throughout the lifecycle of product development.
    • We obtain the status of global and local regulatory information through a unified collaboration system for security regulation response, and we conduct preliminary inspections and responses so that technical, administrative, and physical protection measures suited to the characteristics of our products can be applied.

  • Product Security Management System

    • In accordance with LG-SDL, our product security activity standard, product development is carried out in compliance with security activities and standards at each stage of development.
    • We operate LGE ISAC (LG Electronics Information Security Analysis Center), an organization specializing in mock hacking, with a view to checking the vulnerabilities of our IoT products and our internal and external server systems.
    • We establish proactive and preemptive security incident prevention measures and improve product security by asking internal and external security experts to diagnose security vulnerabilities.

| Product Security Management System |
  • Policy: LG Electronics Product Security Activity Standard / LG Electronics Product Security Guide / LG Electronics Product Security Certification / Supplier Security Management Policy
  • Organization: Company-wide/development security team / Breach test team / Product development team / Quality team
  • Training: Security awareness training / Secure coding training / Cybersecurity engineering training / Product security technology/training
  • Cyber breach response: Cyber breach response process / Security event classification standards / Security update / Bug Bounty Program
  • Reference standards: NIST Cybersecurity Framework 1) / NIST 800-53 2) / ETSI EN 303 645 3) / ISO/SAE 21434 4)

1) National Institute of Standards and Technology’s Cyber Security Improvement Framework
2) Security controls for security and privacy guidelines required by the U.S. government and critical infrastructure
3) European Telecommunications Standards Association's Security Requirements for IoT Products
4) Cyber Security Engineering Standards for Vehicles made by the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE)

| LG-SDL Cycle |
LG-SDL Stage-Specific Security Activities (LG Secure Development Lifecycle)
  • Design
    • Security design review
  • Realization
    • Security realization
    • Analysis of security vulnerabilities of open source
    • Static security analysis
    • Testing security functions
  • Test
    • Fuzz testing
    • Breach testing
  • Release
    • Final product security review/certification
  • Response
    • Response to security issues following product launch
  • Preparation
    • Security training
    • Software security specialists training
  • Requirements
    • Defining product security grading system
    • Planning LG-SDL
    • Analysis of security requirements

  • LG Electronics Product Security Activity Standard: LG-SDL

    • In 2017, we established in-house standards for core security activities to be performed at each stage of the software development process and applied them before product launch. Thus, we were able to ensure the security of our products by detecting and removing potential security vulnerabilities from products in the early stages of software development.
    • LG-SDL conducts an evaluation on the characteristics of each product and promotes differentiated security activities according to the degree of importance in terms of security designated to each product.
    • Finally, after reviewing the results of LG-SDL activities before mass production and checking whether the related activities are being performed adequately and in accordance with related criteria, we issue a Product Security Certification (PSC).

  • Nurturing Software Security Experts

    • We lead product software security activities based on a professional understanding of software security, and provide a software security specialist training course to enhance the capabilities of our software developers with a view to developing key security technologies.
    • Software security specialists produced through our training and certification courses actively contribute to product-specific security technology development and global compliance activities.