• In response to the implementation of the EU GDPR (General Data Protection Regulation), and the strengthening of consumer privacy protection regulations in the United States, Brazil, and India, we are striving to proactively identify and mitigate privacy information risk factors.
• We strictly adhere to the five basic principles of privacy protection (minimum data collection, protection of the rights of customers to be informed, measures to ensure security, only using data for the purpose for which it was collected, and safe disposal) in order to meticulously manage the privacy information of our customers.
• We disclose the safe and legal process of privacy information handling in a transparent manner.
• Access control measures
• One-way encryption storage
• Minimization of the printing of privacy information
• Prior approval by privacy manager
• Limited personnel with access privileges
• Controlled entry into Information Security Office
• Manage access privileges
• Security of information processing PCs
• Documentation of the purpose of collecting privacy information
• Separation of privacy information servers
• Measures enabling search/change of privacy information and cancellation of membership
• Inquiries by phone or e-mail
• Observance of information usage period
• Response to request for revocation of consent
1) SSL: A standard security technology that enables secure transfer of privacy information through an encryption algorithm.
• Through privacy impact assessments, we proactively evaluate and mitigate risk factors and make improvements to the adequacy of our privacy protection measures, which enables us to launch products and services with reinforced privacy protection features.
• We make continuous upgrades to our privacy impact assessment framework so that we can respond to changes in laws and regulations, as well as technical trends.
• We have established a framework for integrated management of the privacy information of our customers in order to promote the efficient use of and prevent leakage of information.
• We have acquired domestic and international certifications for our privacy information protection system, thereby certifying the security of data protection.
|International certification|ISO 27001|
|International certification|ISO 27018|
|International certification|ISO 29100|
|International certification|ISO 27701|
• We monitor security regulations in effect around the world, such as the EU Cybersecurity Act and UNR No.155, and continuously reflect them in our standard security requirements and guidelines in order to ensure that security is considered throughout the lifecycle of product development.
• We obtain the status of local regulatory information worldwide through a unified collaboration system for security regulation response, and we conduct a preliminary inspection and response so that technical, administrative, and physical protection measures suited to the characteristics of our products can be applied.
• In accordance with LG-SDL, our product security activity standard, product development is carried out in compliance with security activities and standards at each stage of development.
• We operate LGE ISAC (LG Electronics Information Security Analysis Center), an organization specializing in mock hacking, with a view to checking the vulnerabilities of our IoT products and our internal and external server systems.
• We establish proactive and preemptive security incident prevention measures and improve product security by asking internal and external security experts to diagnose security vulnerabilities.
• In 2017, we established in-house standards for core security activities to be performed at each stage of the software development process and applied them before product launch. Thus, we were able to ensure the security of our products by detecting and removing potential security vulnerabilities from products in the early stages of software development.
• LG-SDL conducts an evaluation of the characteristics of each product and promotes differentiated security activities according to the degree of security importance designated to each product.
• Finally, after reviewing the results of LG-SDL activities before mass production and checking whether the related activities are being performed adequately and in accordance with related criteria, we issue a Product Security Certification (PSC).
• We lead product software security activities based on a professional understanding of software security, and provide a software security specialist training course to enhance the capabilities of our software developers with a view to developing key security technologies.
• Software security specialists produced through our training and certification courses actively contribute to product-specific security technology development and global compliance activities.