상단 정보영역
The LG Uplus information protection departments have established a decision making system to ensure the participation of management in all information protection matters. To enable the effective management of data security according to a variety of business needs, we maintain a committee comprising the Chief Information Security Officer (CISO) with IT operation experiences and information technology-related competence, the security officers of key departments, and working-level managers. We have also made a management system and maintained a company-wide security consultative body tasked with preventing security risks.
Every year, we receive privacy and information security management system certification (ISMS-P) for all information and privacy services. When obtaining a certification, external auditors inspect the privacy protection status and identify issues to strengthen the protection level. Also, with the expanding range of ISO27001 to the management of 5G core network operation, we completed the operational management security system for the entire 5G areas. Especially, we obtained the IoT security certification from the Korea Internet & Security Agency to achieve customer information protection technologies as well as institutional safeguard.
To respond to security incidents, we conduct real-time security monitoring 24 hours a day, 365 days a year by linking our security solutions to the privacy flow analysis system. If abnormal behavior is detected in privacy retention and processing, or if a security incident is reported, the ‘Security Incident Emergency Response Team’ is activated to respond rapidly with dedicated personnel to prevent information leakage.
LG Uplus guarantees the rights of information subjects according to the privacy protection laws. We comply with the Privacy Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection and establish and disclose the ‘Privacy Policy’ following the Standards for Technical and Administrative Measures for Protection of Privacy and the Privacy Policy.
To protect customers’ privacy, we prepared ten guidelines including privacy protection guidelines and privacy processing system security guidelines. These policies are applied to not only our customers but all employees including suppliers.
Privacy collection
LG Uplus collects the minimum amount of privacy.
Information for verifying users and their claimed identities
Name, social security number, passport number, driving license number, foreign registration number, etc.
Subscription information for providing services
Name, contact information, email address, personal identifiable information (CI/DI), Credit card, bank account information, etc.
Information for providing location based services
Individual location information Base station, GPS, WiFi, RFID tag, information collected by a location information system, etc.
Information generated while using the service
Service usage record, device information, quality information, membership information, Statistical data, signal strength, cookies and access log, IP, USIM information, etc.
Information for increasing service quality
Consultation content
Information for providing lifestyle and customized services
Health information such as sleep reports and heart rate
Use of privacy
The collected personal is used to provide LG Uplus services and products and improve customer convenience and quality.
Service Provision
Service subscription, change, cancellation, fee settlement, warranty service, product delivery, etc.
Customer-oriented communication
Service inquiries and complaint improvement notices, etc.
Confirmation and protection of customer information
Identity verification, prevention of illegal use of Name, etc.
Providing customer convenience & better services
Analysis for quality improvement, service provision, product development, personalized services provision, etc.
Provision of privacy
Privacy may be provided or entrusted to a third party for better services and customer convenience.
Outsourcing the processing of privacy
Part of the work for service provision and customer service is entrusted to a specialized company
Compliance with relevant laws and regulations
Privacy is provided in compliance with the procedures and methods stipulated in the law if there are special provisions in the laws.
Provision of privacy to third parties
Privacy is used by and provided to a third party within the scope notified only with a separate consent
Safe management and destruction of privacy
LG Uplus customers’ privacy is safely managed and destroyed immediately after achieving the purpose of use.
Safe management
Technical protection measures such as encryption/management and use of vaccine programs
Administrative protection measures such as limiting access to privacy and information protection training
Destruction of privacy
Privacy is immediately destructed when its retention and use period is expired
Written information is shredded or incinerated while electronic information is deleted using a method ensuring that the records cannot be reproduced
Period of use and storage
The period is not expired until the purpose of collection and use of privacy is achieved
※ According to the period defined in the relevant laws and regulations
Information protection certification
LG Uplus received information protection management system certification from Korean and foreign organizations with public confidence to protect customers’ privacy.
ISMS-P (information protection and privacy protection management system certification)
Certification scope: Operation of wired and wireless communication services and IDC and major information communication services
ISMS (information protection management system)
Certification scope: Operation of wired and wireless communication services and IDC and major information communication services
ISO/IEDC 27001: 2013
(International standard information security management system)
For more details, please refer to LG U+'s Sustainability Report.