Cyber Security and Data Protection

Recently, cyberattacks have become increasingly sophisticated and creative, raising the risk of large-scale incidents and damage, including targeting our business partners and supply chains. Simultaneously, companies must deploy enterprise cyber security measures, as society demands responsibility for addressing security incidents.

The executive officer responsible for cyber security is the Group Chief Information Officer (Group CIO). The Group Chief Technology Officer (Group CTO) is responsible for factory system and product security (as of August 2025). Panasonic Holdings Corporation (“PHD”) established the Cyber Security Supervisory Office, headed by the Group CIO, to oversee the three aspects of information, factory system, and product security, accelerate and focus cyberattack countermeasures, and promote cyber hygiene (prevention under normal conditions) and cyber resilience (response and recovery during incidents). Furthermore, PHD and our Group companies appoint managers in charge of information security, factory system security, and product security. All Group companies promote security strategies for all functions based on PHD’s basic policy and Groupwide regulations.

To mitigate stoppages, unauthorized operation, content falsification, and other damage to the Group’s internal systems, internal and external web services, and other IT systems, Panasonic takes a multifaceted approach to ensure that our IT systems maintain stable operations.

We build and update systems following our security policies, conduct periodic vulnerability assessments, and use periodic committee meetings and other means to ensure that IT system managers at Group companies thoroughly implement our strategies.

Panasonic established guidelines for breach prevention, anomaly detection, and incident response covering defense against cyberattacks on its factories. We review these guidelines on an ongoing basis. All of Panasonic’s sites worldwide defend against cyberattack risks following these guidelines. We also conduct response training for plant personnel on the assumption that security incidents will occur to help raise awareness.

As consumers conveniently use various products equipped with software and connected with networks, we must ensure product security to prevent harm from attacks initiated by malicious third parties who aim to leak or alter data or cause device malfunction. Panasonic establishes internal structure and rules, including guidelines for promoting security-conscious development, and regularly reviews the structure and rules to ensure customer peace of mind when using products. We also promote research and development in AI-based anomaly detection technology to prevent harm from cyberattacks. Moreover, there is training to provide employees with skills necessary to ensure product security such as risk analysis and secure coding.

To jointly tackle the above 3 initiatives, we have a dedicated team that regularly collects and monitors information about threats and vulnerabilities and implements countermeasures as necessary, while another team is dedicated to conducting drills in response to an assumed cyberattack.

In order to gain customer satisfaction and trust through our products and services, the Group believes it is important to recognize various information including personal information entrusted to us by stakeholders such as business partners and customers as important assets for these stakeholders and valuable management resources for the Group. We believe it is important to protect and handle such information appropriately. Furthermore, since the enactment of the EU General Data Protection Regulation (GDPR), personal information protection legislation has been enacted and/or revised in various countries, and its importance is growing as our Group’s data utilization business expands.

Therefore, we are committed to ensuring information security and protecting personal information per the information security policies outlined in the Panasonic Group Code of Ethics and Compliance, as well as management regulations and guidelines related to information security, and the basic information security and personal information protection policies established by all Group companies. We ensure transparency in the handling of personal information by providing timely notice or disclosures to users of our products and services or individuals who are the subjects of personal information regarding our purposes for using personal information and other relevant matters and any updates of our policies, as required by applicable laws and regulations, and depending on individual circumstances. We implement the appropriate organizational, technical, and physical security management measures to accurately record information; properly manage, use, and dispose of it; and prevent its unauthorized use, leakage, and falsification. We set limits on retention periods for personal information, depending on the purpose for which the information is acquired and as required by law. We also strive to raise employee awareness through regular employee training, confirm and evaluate the state of our information handling through internal audits, and make improvements as needed.

Furthermore, we ensure that information provided to third parties is protected at a level consistent with the Group's policies by taking all necessary and appropriate measures, including ensuring that they are adequately managed and contracts are signed to ensure that third parties appropriately manage the information provided to them.

We have established systems to respond to requests from individuals regarding the disclosure, correction, or deletion of their personal information, as well as concerns or complaints related to personal information (privacy). We notify or publish the contact point for inquiries in a manner that is easy for individuals to understand and access.

The executive officer in charge of information security and protection of personal information is Group Chief Information Officer (Group CIO) (as of August 2025).

Panasonic Group has established responsible person in charge of information security and personal information protection in PHD and each operating company, and each operating company promotes information security initiatives in line with the Basic Information Security Policy and Global Rules, established by PHD.

In recent years, many countries have enacted or revised personal information protection laws and regulations. We recognize the importance of thorough compliance with personal information protection.

As our IoT business grows, our employees are increasingly likely to handle customer lifelogs and other personal information worldwide. Therefore, Panasonic is striving to improve its data management to provide a higher level of privacy protection. Additionally, to comply with the EU General Data Protection Regulation (GDPR), and other laws in various countries, we have prepared response manuals and are strengthening our efforts to ensure compliance and accountability to society through employee education and other measures. Panasonic Group strives to protect personal information based on the Personal Information Protection Policy established by each Group company, which mirrors PHD’s policies.

In addition, we are responding to risks by classifying personal information according to its sensitivity and the impact of its disclosure, and then implementing organizational, technical, and physical security control measures depending on that classification. We have mechanisms in place to check how the Panasonic Group is actually handling personal information, and regularly assess risks related to personal information (privacy).

Ex.) PHD

Panasonic has established reporting and response systems in its incident response rules and thoroughly trains employees to minimize harm during an incident. In the unlikely event of an incident, we also work to uncover the cause and prevent recurrence.