At Yandex, everybody is responsible for keeping users’ data safe. While there is a dedicated Information Security Department headed by Chief Information Security Officer and an appointed Chief Privacy Officer who are in charge of in-depth oversight and reporting to the Board of Directors, all our employees regularly get trained on information security, personal data protection and are expected to follow strict security guidelines.
Cybersecurity risk monitoring is a continuous process that is accompanied by proactive measures to detect vulnerabilities, such as sensitivity testing, as well as clear protocols on how to act in case an incident has occurred. While we have been working hard over years to build secure, reliable systems that make such incidents highly unlikely, there is always a negligible chance we want to be vigilant about. We believe honest communication is the key to minimizing damage and are therefore committed to informing our users immediately if their data has been compromised.
- We empower users to manage their data.
- We only use our users’ data to create new services for them and improve those that already exist.
- We never sell any user data to anyone.
- We only process personal data that for a specific purpose only.
- We only keep personal data for as long as it is necessary to fulfil the purpose for which it was collected or to comply with legal and regulatory requirements.
- If we are required to disclose our user information at the request of a law enforcement agency, we do so in strict accordance with the law and only to the minimum extent necessary. We regularly report on the number of requests where some information was disclosed in our Transparency Report.
- We commit to acting in strict compliance with applicable data protection laws.