During the activities in June, Xiaomi highlighted its information security and privacy protection practices to its employees, industry executives, industry experts and the public. It also distributed white papers on security and privacy as well as a transparency report about data security.
This is the second year for Xiaomi’s Security and Privacy Awareness Month. This year, the theme was “Security is our shared responsibility. Always think before you act.” The goal was to show Xiaomi’s determination to pursue industry-leading standards on security and privacy and to reinforce its commitment to transparency.
Cui Baoqiu, Xiaomi Vice President and Chairman of Xiaomi Security and Privacy Committee, said, “As a leading Android smartphone manufacturer, we carry a great responsibility. We are committed to letting consumers know how their personal information is collected, used, and protected. We are proud to say that Xiaomi upholds world-class standards on security, privacy, and transparency.”
The protection of users’ data and privacy has always been Xiaomi’s priority. In 2014, Xiaomi established its Security and Privacy Committee. In 2016, Xiaomi became the first Chinese enterprise to receive certification from TrustArc. Xiaomi adopted the General Data Protection Regulation (GDPR) of European Union compliance assessment in 2018. In 2019, Xiaomi security and privacy practices were certificated on ISO/IEC 27001, ISO/IEC 27018. It also published its first version of the MIUI security and privacy white paper.
At this year’s monthlong program, employees and visitors learned about security and privacy related topics. These included how to protect personal information through interactive exhibition. Classes from Xiaomi’s Security Academy were also held for employees, covering topics for different departments, for example, “How to Stick to the Privacy Protection in Product Development”, “General Safety Research and Development”, and “Business Risk Control”, etc. Xiaomi Cup CTF competition offered an opportunity for thousands of engineers to act as “hackers” and to participate in a coding competition to solve privacy challenges. The company also invited International Association of Privacy Professionals (IAPP) certificated instructors to conduct professional training for employees.
Xiaomi held an IoT Security Panel and a Privacy Protection Panel with industry experts on security and privacy. Participants included Margaret Honda, Global Research Manager at IAPP, Brad Ree, CTO at ioXt, David Mudd, Global Digital Product Certification Director at BSI, Scott Roberts, Director of Android Security Assurance at Google, Richard Watson, Lead Partner of APAC Cybersecurity Risk Management at EY, and Paul Breitbarth, Director of Global Policy & EU Strategy at TrustArc.
Richard Watson, Lead Partner of APAC Cybersecurity Risk Management at EY, noted that consumers expect their data to be collected and stored securely. The most important factors when sharing personal data with an organization were secure collection and storage processes (63%), control over what data is being shared (57%), and trust (51%) . Paul Breitbarth, Director of Global Policy & EU Strategy at TrustArc, advised organizations about the international transfer of user data. He discussed the importance for data exporters to ensure an essentially equivalent level of data protection by adhering to international laws and undertaking other verifiable actions.
Transparency, accountability, user control, security and compliance are Xiaomi’s privacy protection principles. Xiaomi complies with local laws in all markets in which it does business. It will never cease to produce safe and reliable products around the world to help everyone enjoy a better life through innovative technologies.
The sharp pace of technological development and lifestyle changes due to the current pandemic have led to a rapid awareness of the importance of personal data. How are they collected? How are they processed? How are they used against us? These are just a few questions from a long list.
Who is responsible for protecting this information? Everyone involved. Developers. Manufacturers. Traders. Users. Everyone has a responsibility at their level. A simple user will never be able to identify secret data collection techniques. Only the manufacturer can do it. And other teams that have an obligation to supervise him. Also, it is not the developer’s fault if the user continues to use a standard password with a minimum level of complexity.
This topic is extremely complex. Its approach requires a certain level of technological maturity and confidence..