Close
Please enter keywords
Baidu Security Management Measures
Time:2024-03-26

I. Baidu Security Management Principles

Baidu has established a comprehensive security management system around the three dimensions of Security, Safety, and Privacy, creating advanced all-around security technologies and solutions.

 

from clipboard 

 

II. Baidu Security Management System

Baidu has established a three-tier management structure with the Data Management Committee as the companys top-level data management decision-making body. Security indicators are incorporatedthe performance evaluations of senior executives and relevant staff, promoting the efficient implementation of data security management work.

 

from clipboard 

P1: Security management organization and responsibilities

 

III. Baidu Data Security Management Measures

1. Data full life cycle security management mechanism

In the context of the rapid development of large models, Baidu practices a data security management mechanism of "proactive identification in advance, flexible control during the event, and comprehensive tracking after the fact." We have formulated a data governance internal system led by the "Baidu Data Management Measures," established a data management platform, and strengthened data security governance through methods such as whole lifecycle management, Personal Information Protection Impact Assessment (PIA), data circulation evaluation and approval, strict protection of key information and sensitive data, hierarchical classification management, de-identified transmission, encrypted storage, personal information inventory, and security incident management. Baidu also regularly carries out updates and optimizations of management systems and processes to meet the developmental needs of generative artificial intelligence technology and achieve a win-win situation for all parties involved.

 

from clipboard 

P2:Data full life cycle security management mechanism

 

1. Data Export Management Measures of Baidu

In regard to data export, Baidu strictly adheres to the "Cybersecurity Law of the Peoples Republic of China," the "Data Security Law of the Peoples Republic of China," the "Personal Information Protection Law of the Peoples Republic of China," the "Data Export Security Assessment Measures," and other laws and regulations. From the aspects of systems and technology, it maintains national security and public safety, protects the rights and interests of personal information subjects, and ensures the data security and legal rights of Baidu.

 

 from clipboard

 

IV. Baidu Information Security and Privacy Protection Related Certifications

Baidu actively carries out certification work related to information security and privacy protection. In 2023, Baidu specifically focused on the security risk control and monitoring frequency of mobile products such as APPs/SDKs, conducting special investigations and rectifications on privacy risks of major regulatory concerns, including unauthorized collection, unauthorized use, service expiration, and informed notification.

  

 from clipboard


V. Baidu Security Management Services

Baidu Security builds a security ecosystem centered on AI, exporting capabilities and solutions to the entire industry.

1. Baidu Security Products

Leveraging its experience in security practices within the domain of large models, Baidu employs technologies such as blockchain, trusted computing, big data, and artificial intelligence to develop data security and privacy protection products covering the entire lifecycle of key aspects such as large model training, deployment, and business operations. These products empower industries including finance, government, automotive, education, and the internet.

 

 from clipboard

 

2. Large Model Data Security Protection Products

 

 from clipboard

 

VI. Baidu Security Audit

Baidu actively conducts internal and external security audits to ensure the effectiveness and reliability of the security management system: internally, Baidus internal audit department regularly carries out assessments and audits on the risks of personal information data and highly sensitive data; externally, Baidu invites third-party institutions with professional qualifications annually to audit and evaluate the companys data security policies, systems, processes, and governance.

Next