Xiaomi, the world’s leading consumer electronics and smart manufacturing company, recommitted itself to protecting customer data during its annual Security and Privacy Awareness Month completed today. It held employee training events and expert seminars at the Xiaomi Technology Park in Beijing, China and at Xiaomi’s Technology Operation Center in Singapore.
This was the third consecutive year that it held special classes for its engineers and other employees and led discussions with industry executives, IT security experts, and the public about the importance of data security and user privacy protection. Xiaomi also released updated white papers on security and privacy along with its annual transparency report detailing its data security activities.
The purpose of the month-long series of events was to bolster its user security and privacy protection practices and to build trust in Xiaomi’s products through transparency and accountability.
Xiaomi has built a comprehensive governance structure to protect data security and user privacy. This involves cooperation between cybersecurity experts, smartphone operating system engineers, lawyers, and legal compliance experts. Overseeing these specialists is a Security and Privacy Committee led by senior executives.
Cui Baoqiu, Xiaomi Vice President and Chairman of the Xiaomi Security and Privacy Committee, called data security and user privacy protection a key to the long-term, sustainable development of the company’s global business. “Protecting the data security and privacy of our users is the top priority,” he said. “Our customers care about this issue more than any other. Xiaomi is committed to offering safe and reliable Android smartphones and IoT products.”
Eugene Liderman, Director of Android Security Strategy of Google, highlighted Xiaomi’s contribution to the Android system. “One of Android’s biggest strengths is the diverse ecosystem of partners. Xiaomi is a great example of this and it’s great to see their continued investment in cyber security hygiene across their product portfolio”, he added.
Professor Liu Yang, School of Computer Science and Engineering, Nanyang Technological University, said, “As the security challenge is becoming the focus of many technology discussions, industry stakeholders attach more importance to the urgency of managing vulnerabilities at hardware, software and even in the massive open source space. Xiaomi has made tremendous effort to address the issue, safeguarding users with technology expertise, and continuously exploring new methods for better data protection.”
With the world’s largest consumer IoT platform, Xiaomi is constantly working to improve IoT security and privacy protections. Xiaomi held its fifth annual IoT security summit on June 29 and 30 in Beijing. Industry executives and experts discussed a wide range of issues from data security governance frameworks and cross-border data transfers to the security of internet-connected electric vehicles and solutions for software supply chain security threats.
During the June event, Xiaomi announced that its Electric Scooter 4 Pro obtained IoT Security Rating Gold level certification from Underwriter Laboratories Inc, an international safety research institute based in the U.S. This designation made Electric Scooter 4 Pro the world’s first electric scooter with such a high-level safety rating. The certificate also indicated that the security baseline of Xiaomi’s IoT product development is in line with international standards.
Xiaomi created its Security and Privacy Committee in 2014. In 2016, Xiaomi became the first Chinese company to receive certification from TrustArc. Xiaomi adopted the General Data Protection Regulation (GDPR) of European Union compliance assessment in 2018. In 2019, Xiaomi security and privacy practices were certificated on ISO/IEC 27001, ISO/IEC 27018. Last year, Xiaomi published its first transparency report, making it the first Android smartphone brand to do so. Xiaomi this year obtained the certificate of registration of NIST CSF (National Institute of Standards and Technology, Cybersecurity Framework), further strengthening its data security protection capabilities.