Qualcomm's Commitment to Data Protection and Privacy
As featured in Qualcomm's 2021 Corporate Responsibility Report
Privacy is a leading concern for people and governments around the world today. Qualcomm considers data protection and privacy to be critical not only for maintaining business continuity but also for upholding the trust that customers place in us when they purchase and use our products and services.
Information collected from our devices helps improve our ability to invent better technologies, products and services. We believe that the collection of information should promote trust, respect individuals’ privacy and be based upon a foundation of responsible security and privacy practices. Our Qualcomm Privacy Policy provides information about how we collect, use, process and transfer personal data.
Our best-in-class product security features protect personal data, among other assets owned by multiple stakeholders, along the value chain of our products. The Qualcomm security mechanisms protect against adversaries attempting to access their targets through various means. For example, our Cellular Connection Security (CCS) solution protects against an attacker operating a faked cellular base station and our Trust Management Engine (TME) allows sensitive assets (users, OEM’s) to be protected in a fully isolated internal environment with strictly enforced access rules. The CCS and TME are just examples of various such Qualcomm security mechanisms aimed at raising the security bar and lowering the commercial viability of an attack.
We provide annual training on privacy and data protection to employees whose roles include the processing of personal data.
In 2021, we trained 3,180 targeted employees in our privacy training sessions. The sessions covered our relevant internal policies and procedures as well as topics such as lawful basis, transparency, privacyby-design, data subject rights, information security, contracting requirements, international data transfer restrictions, breach notice obligations and accountability.
We provide all new employees with privacy and data protection awareness training as part of the new employee onboarding experience. In 2021, we also hosted a series of awareness-raising events on privacy and security for our employees, which we do each year as part of Data Privacy Day.
Our privacy team meets monthly with two committees to educate the Company on changes in privacy and data protection law and to coordinate the Company’s compliance program and training activities. Our Privacy Steering Committee is focused on customer and consumer privacy and data protection issues, and is comprised of relevant stakeholders from Engineering, Product Management, Marketing, Government Affairs, Public Relations and Legal. Separately, our Internal Privacy Committee is focused on employee privacy and data protection, and includes representatives from HR, IT, Payroll, Physical Security, Stock Administration and others.
We prioritize working with business partners and suppliers who view data protection and privacy as critical to their business. In 2021, we performed cybersecurity and privacy assessments for hundreds of our vendors and key suppliers based on risk and total spend.
Qualcomm sees value in ongoing external engagement on privacy issues. We are members or sponsors of many organizations that work on advancing responsible privacy and security practices. These include the International Association of Privacy Professionals (through which we have a number of employees certified as Information Privacy Professionals), Cyber Information Sharing and Analysis Centers, Future of Privacy Forum, Centre for Information Policy Leadership, Information Systems Audit and Control Association and the San Diego Cyber Center of Excellence. We also engage with subgroups of industry associations focused on privacy and security issues, such as the U.S. Chamber of Commerce, Information Technology Industry Council, Digital Europe, 5GAA and others.
Our participation and, in some cases, leadership in these groups allows us to listen and advocate for privacy and data protection standards that pertain to our business and the semiconductor industry.
Learn more in Qualcomm's 2021 Corporate Responsibility Report