Close
Baidu has established a comprehensive security management system around the three dimensions of Security, Safety, and Privacy, creating advanced all-around security technologies and solutions.
Baidu has established a three-tier management structure with the Data Management Committee as the companys top-level data management decision-making body. Security indicators are incorporatedthe performance evaluations of senior executives and relevant staff, promoting the efficient implementation of data security management work.
(P1: Security management organization and responsibilities)
III. Baidu Data Security Management Measures
In the context of the rapid development of large models, Baidu practices a data security management mechanism of "proactive identification in advance, flexible control during the event, and comprehensive tracking after the fact." We have formulated a data governance internal system led by the "Baidu Data Management Measures," established a data management platform, and strengthened data security governance through methods such as whole lifecycle management, Personal Information Protection Impact Assessment (PIA), data circulation evaluation and approval, strict protection of key information and sensitive data, hierarchical classification management, de-identified transmission, encrypted storage, personal information inventory, and security incident management. Baidu also regularly carries out updates and optimizations of management systems and processes to meet the developmental needs of generative artificial intelligence technology and achieve a win-win situation for all parties involved.
(P2:Data full life cycle security management mechanism)
In regard to data export, Baidu strictly adheres to the "Cybersecurity Law of the Peoples Republic of China," the "Data Security Law of the Peoples Republic of China," the "Personal Information Protection Law of the Peoples Republic of China," the "Data Export Security Assessment Measures," and other laws and regulations. From the aspects of systems and technology, it maintains national security and public safety, protects the rights and interests of personal information subjects, and ensures the data security and legal rights of Baidu.
Baidu actively carries out certification work related to information security and privacy protection. In 2023, Baidu specifically focused on the security risk control and monitoring frequency of mobile products such as APPs/SDKs, conducting special investigations and rectifications on privacy risks of major regulatory concerns, including unauthorized collection, unauthorized use, service expiration, and informed notification.
Baidu Security builds a security ecosystem centered on AI, exporting capabilities and solutions to the entire industry.
Leveraging its experience in security practices within the domain of large models, Baidu employs technologies such as blockchain, trusted computing, big data, and artificial intelligence to develop data security and privacy protection products covering the entire lifecycle of key aspects such as large model training, deployment, and business operations. These products empower industries including finance, government, automotive, education, and the internet.
Baidu actively conducts internal and external security audits to ensure the effectiveness and reliability of the security management system: internally, Baidus internal audit department regularly carries out assessments and audits on the risks of personal information data and highly sensitive data; externally, Baidu invites third-party institutions with professional qualifications annually to audit and evaluate the companys data security policies, systems, processes, and governance.
