Security & privacy

Development process

  • System security reviews with threat modelling
  • Data privacy reviews
  • Quality assurance reviews
  • Sony security experts

Activities

  • Penetration testing of software and hardware *
  • Continuous monitoring of system with alarms
  • Scheduled vulnerability scanning *

Amazon Web Services

  • Multi factor authentication login
  • Audit trail
  • Principle of least privilege

Incident Management

  • Proven Sony process

* Performed by external security company and Sony

Personal data

  • Personal data encrypted at rest
  • HTTPS is used everywhere
  • Certificate pinning from apps to cloud

Personal data handling process

  • Personal data has an owner
  • Process to grant access to data for development

GDPR compliance

  • Terms of usage and privacy policy
  • Data retention limits
  • Process for handling end user data access and deletion requests
  • Data processing agreement with Amazon
  • The Swedish Data Protection Authority has been consulted

Data analytics

  • All data is aggregated, individual users not identifiable

Sony corporate legal approval

  • All handling of personal information is reviewed by Sony’s legal department

Sony Global Information security and privacy

https://www.sony.net/SonyInfo/csr_report/governance/internal_control/information_security.html