LG U+

The LG Uplus information protection departments have established a decision making system to ensure the participation of management in all information protection matters. To enable the effective management of data security according to a variety of business needs, we maintain a committee comprising the Chief Information Security Officer (CISO) with IT operation experiences and information technology-related competence, the security officers of key departments, and working-level managers. We have also made a management system and maintained a company-wide security consultative body tasked with preventing security risks.

Every year, we receive privacy and information security management system certification (ISMS-P) for all information and privacy services. When obtaining a certification, external auditors inspect the privacy protection status and identify issues to strengthen the protection level. Also, with the expanding range of ISO27001 to the management of 5G core network operation, we completed the operational management security system for the entire 5G areas. Especially, we obtained the IoT security certification from the Korea Internet & Security Agency to achieve customer information protection technologies as well as institutional safeguard.

• 

  Privacy & Information Security
  
  Management System Certification

• 

  ISO 27001

To respond to security incidents, we conduct real-time security monitoring 24 hours a day, 365 days a year by linking our security solutions to the privacy flow analysis system. If abnormal behavior is detected in privacy retention and processing, or if a security incident is reported, the ‘Security Incident Emergency Response Team’ is activated to respond rapidly with dedicated personnel to prevent information leakage.

• 

  Privacy collection

  LG Uplus collects
  the minimum amount of privacy.

  Information for verifying users and their claimed identities

  Name, social security number, passport number, driving license number, foreign registration number, etc.

  Subscription information for providing services

  Name, contact information, email address, personal identifiable information (CI/DI), Credit card, bank account information, etc.

  Information for providing location based services

  Individual location information Base station, GPS, WiFi, RFID tag, information collected by a location information system, etc.

  Information generated while using the service

  Service usage record, device information, quality information, membership information, Statistical data, signal strength, cookies and access log, IP, USIM information, etc.

  Information for increasing service quality

  Consultation content

  Information for providing lifestyle and customized services

  Health information such as sleep reports and heart rate

• 

  Use of privacy

  The collected personal is used to provide LG Uplus services and products and improve customer convenience and quality.

  Service Provision

  Service subscription, change, cancellation, fee settlement, warranty service, product delivery, etc.

  Customer-oriented communication

  Service inquiries and complaint improvement notices, etc.

  Confirmation and protection of customer information

  Identity verification, prevention of illegal use of Name, etc.

  Providing customer convenience & better services

  Analysis for quality improvement, service provision, product development, personalized services provision, etc.

• 

  Provision of privacy

  Privacy may be provided or entrusted to a third party for better services and customer convenience.

  Outsourcing the processing of privacy

  Part of the work for service provision and customer service is entrusted to a specialized company

  Compliance with relevant laws and regulations

  Privacy is provided in compliance with the procedures and methods stipulated in the law if there are special provisions in the laws.

  Provision of privacy to third parties

  Privacy is used by and provided to a third party within the scope notified only with a separate consent

• 

  Safe management and destruction of privacy

  LG Uplus customers’ privacy is safely managed and destroyed immediately after achieving the purpose of use.

  Safe management

  Technical protection measures such as encryption/ management and use of vaccine programs

  Administrative protection measures such as limiting access to privacy and information protection training

  Destruction of privacy

  Privacy is immediately destructed when its retention and use period is expired

  Written information is shredded or incinerated while electronic information is deleted using a method ensuring that the records cannot be reproduced

  Period of use and storage

  The period is not expired until the purpose of collection and use of privacy is achieved

  ※ According to the period defined in the relevant laws and regulations

• 

  Information protection certification

  LG Uplus received information protection management system certification from Korean and foreign organizations with public confidence to protect customers’ privacy.

  ISMS-P(information protection and privacy protection management system certification)

  Certification scope: Operation of wired and wireless communication services and IDC and major information communication services

  ISMS (information protection management system)

  Certification scope: Operation of wired and wireless communication services and IDC and major information communication services

  ISO/IEDC 27001: 2013
  (International standard information security management system)