Xiaomi celebrates Security and Privacy Awareness Month and two Privacy Whites book* demonstrates its commitment to being the industry's leading safety and security data protection standards.
Xiaomi organised Security and Privacy Awareness Month at the Xiaomi Science and Technology Park. During its June activities, Xiaomi showcased its information security and privacy practices to employees, industry leaders, industry experts and the public, and published white papers* on security and privacy, in addition to a data security transparency report. The second edition of Xiaomi Security and Privacy Awareness Month was held, this year under the theme "Security is our shared responsibility. Always think before you act". Xiaomi's main objective was to demonstrate its commitment to following industry-leading security and privacy standards and to transparency.
Cui Baoqiu, Vice President of Xiaomi and Chairman of the Xiaomi Security and Privacy Committee, said, "As a leading Android smartphone manufacturer, we have a great responsibility to inform consumers about how we handle their personal data and what we do to protect it. We are proud to say that Xiaomi adheres to world-class standards in security, privacy and transparency."
Protecting users' data and privacy has always been a priority at Xiaomi. Xiaomi established its Security and Privacy Committee in 2014, and in 2016 Xiaomi became the first Chinese company to receive TrustArc certification. Xiaomi has been using the European Union General Data Protection Regulation (GDPR) compliance assessment since 2018. In 2019, Xiaomi's security and privacy practices were certified to ISO/IEC 27001, ISO/IEC 27018 and the first version of the MIUI Security and Privacy White Paper was published.
During this year's month-long programme, employees and visitors were given the opportunity to learn interactively about security and privacy, including how to protect their personal data. Employees were also able to attend Xiaomi's Security Academy classes, which covered topics from different departments, such as "How to comply with data protection during product development", "General security research and development", "Business risk control", etc. The Xiaomi Cup CTF competition provided an opportunity for thousands of engineers to act as "hackers" and participate in a coding competition to solve privacy challenges. The company also invited International Association of Privacy Professionals (IAPP) certified trainers to conduct professional training for employees.
Xiaomi held an IoT security and privacy panel discussion with industry experts on security and privacy. Participants included Margaret Honda, Global Head of Research at IAPP, Brad Ree, Chief Technology Officer at ioXt, David Mudd, Global Director of Digital Product Certification at BSI, Scott Roberts, Director of Android Security Assurance at Google, Richard Watson, Senior Partner at EY APAC Cybersecurity Risk Management, and Paul Breitbarth, Global Director of Policy and EU Strategy at TrustArc.
Richard Watson, Senior Partner at EY APAC Cybersecurity Risk Management, noted that consumers expect their data to be collected and stored securely. The most important factors when sharing personal data with organisations are secure collection and storage processes (63%), control of the data shared (57%) and trust (51%). Paul Breitbarth, Director of Global Policy and EU Strategy at TrustArc, provided advice to organisations on the international transfer of user data and discussed the importance of ensuring that data exporters provide a substantially equivalent level of data protection by complying with international laws and other verifiable measures.
Two important documents on data protection were published during the month. The MIUI privacy white paper and the Xiaomi loT privacy white paper, which summarises Xiaomi's privacy policies and practices in MIUI and IoT products. They describe what user data is collected and how it is used and protected. These documents are available at Xiaomi's trust center, the https://trust.mi.com/ are available on the website. Xiaomi has also published its 2020 Transparency Report on the https://trust.mi.com/ which details the data requests received from governments and law enforcement agencies around the world and how Xiaomi has responded to these requests.
Transparency, accountability, user control, security and compliance are all part of Xiaomi's privacy principles. Xiaomi complies with local laws in all markets where it does business. It will never stop making safe and reliable products around the world, in order to make life better for everyone through innovative technologies.
*A white paper is a publication that expresses what an organisation/movement/party etc. considers to be an official opinion on a subject.
