Xiaomi completed its Security and Privacy Awareness Month at the Xiaomi Science and Technology Park. During the activities in June, Xiaomi highlighted its information security and privacy protection practices to its employees, industry executives, industry experts and the public. It also distributed white papers on security and privacy as well as a transparency report about data security.
This is the second year for Xiaomi’s Security and Privacy Awareness Month. This year, the theme was “Security is our shared responsibility. Always think before you act.” The goal was to show Xiaomi’s determination to pursue industry-leading standards on security and privacy and to reinforce its commitment to transparency.
Cui Baoqiu, Xiaomi Vice President and Chairman of Xiaomi Security and Privacy Committee, said, “As a leading Android smartphone manufacturer, we carry a great responsibility. We are committed to letting consumers know how their personal information is collected, used, and protected. We are proud to say that Xiaomi upholds world-class standards on security, privacy, and transparency.”
The protection of users’ data and privacy has always been Xiaomi’s priority. In 2014, Xiaomi established its Security and Privacy Committee. In 2016, Xiaomi became the first Chinese enterprise to receive certification from TrustArc. Xiaomi adopted the General Data Protection Regulation (GDPR) of the European Union compliance assessment in 2018. In 2019, Xiaomi’s security and privacy practices were certificated on ISO/IEC 27001, ISO/IEC 27018. It also published its first version of the MIUI security and privacy white paper.
At this year’s month-long program, employees and visitors learned about security and privacy-related topics. These included how to protect personal information through an interactive exhibition. Classes from Xiaomi’s Security Academy were also held for employees, covering topics for different departments, for example, “How to Stick to the Privacy Protection in Product Development”, “General Safety Research and Development”, and “Business Risk Control”, etc. Xiaomi Cup CTF competition offered an opportunity for thousands of engineers to act as “hackers” and to participate in a coding competition to solve privacy challenges. The company also invited International Association of Privacy Professionals (IAPP) certificated instructors to conduct professional training for employees.
Xiaomi held an IoT Security Panel and a Privacy Protection Panel with industry experts on security and privacy. Participants included Margaret Honda, Global Research Manager at IAPP, Brad Ree, CTO at ioXt, David Mudd, Global Digital Product Certification Director at BSI, Scott Roberts, Director of Android Security Assurance at Google, Richard Watson, Lead Partner of APAC Cybersecurity Risk Management at EY, and Paul Breitbarth, Director of Global Policy & EU Strategy at TrustArc.
Richard Watson, Lead Partner of APAC Cybersecurity Risk Management at EY, noted that consumers expect their data to be collected and stored securely. The most important factors when sharing personal data with an organization were secure collection and storage processes (63%), control over what data is being shared (57%), and trust (51%) . Paul Breitbarth, Director of Global Policy & EU Strategy at TrustArc, advised organizations about the international transfer of user data. He discussed the importance for data exporters to ensure an essentially equivalent level of data protection by adhering to international laws and undertaking other verifiable actions.
Two important documents on privacy were issued during the month: the MIUI Privacy White Paper and the Xiaomi loT Privacy White Paper. They summarize Xiaomi’s privacy policies and practices in MIUI and IoT products and explain what kind of user data is collected and how it is used and protected. They also illustrate the privacy policy of each app that comes with MIUI and all commonly-used loT products. These papers can be found in the Xiaomi trust center https://trust.mi.com/. In addition, Xiaomi published its Transparency Report 2020 at https://trust.mi.com/, details the data requests Xiaomi received from governments and law enforcement agencies around the world and how Xiaomi responded to them.
Transparency, accountability, user control, security and compliance are Xiaomi’s privacy protection principles. Xiaomi complies with local laws in all markets in which it does business. It will never cease to produce safe and reliable products around the world to help everyone enjoy a better life through innovative technologies.