Security & privacy
Development process
- System security reviews with threat modelling
- Data privacy reviews
- Quality assurance reviews
- Sony security experts
Activities
- Penetration testing of software and hardware *
- Continuous monitoring of system with alarms
- Scheduled vulnerability scanning *
Amazon Web Services
- Multi factor authentication login
- Audit trail
- Principle of least privilege
Incident Management
- Proven Sony process
* Performed by external security company and Sony
Personal data
- Personal data encrypted at rest
- HTTPS is used everywhere
- Certificate pinning from apps to cloud
Personal data handling process
- Personal data has an owner
- Process to grant access to data for development
GDPR compliance
- Terms of usage and privacy policy
- Data retention limits
- Process for handling end user data access and deletion requests
- Data processing agreement with Amazon
- The Swedish Data Protection Authority has been consulted
Data analytics
- All data is aggregated, individual users not identifiable
Sony corporate legal approval
- All handling of personal information is reviewed by Sony’s legal department
Sony Global Information security and privacy
https://www.sony.net/SonyInfo/csr_report/governance/internal_control/information_security.html