The parent company of TikTok has accessed the data of American journalists


Several weeks ago, a news report emerged alleging that employees of the company’s internal audit team attempted to improperly access user location data. Although many of the claims in the article were speculative, our Global Legal Compliance team immediately launched an investigation into the alleged facts in the story and engaged a highly reputable law firm to assist in the investigation.

We have since learned that a misguided plan was hatched and implemented by a few people in the internal audit department last summer as part of an investigation into major leaks of confidential information from the company by employees to the media – including leaked documents, screenshots and audio files. recordings of internal meetings.

It is common practice for companies to have an internal audit group authorized to investigate breaches of the code of conduct. However, as part of the initiative to investigate the leaks related to this case, the individuals involved abused their authority to gain access to TikTok user data. These individuals were seeking to identify potential links between two journalists, who reported on the contents of leaked documents and recordings – a former BuzzFeed reporter and a Financial Times reporter – and company employees. In turn, they hoped that information about those connections would help identify the employees responsible for the leaks. For example, the individuals examined the IP addresses of journalists in an attempt to determine whether they were in the same location as the employees suspected of leaking confidential information, despite the fact that the IP addresses would only provide location information. approximate. Unsurprisingly, their reckless efforts failed to identify the sources of the leaks. Nonetheless, their access to user data as part of these efforts was a material violation of the company’s code of conduct, and so we are immediately taking the following action:

None of the people who directly participated in or oversaw the misguided scheme remain employed at ByteDance. We are continuing the investigation led by the Legal team.

We are restructuring the Internal Audit and Risk Control department (IARC):

Julie Gao, CFO, will take over the IARC department and immediately begin the search for the new head, who will report to her.

The Global Investigations function which was part of IARC will be split up and restructured. Going forward, the Global Legal Compliance team will oversee all investigations that previously fell within the scope of IARC.

We will redesign the investigative process to include an oversight board that, among other responsibilities, will oversee the development and improvement of policies and procedures governing the company’s investigative functions and oversee the functions’ compliance with laws. applicable and company policies.

We have removed all user data access and permissions for the IARC department.

In the future, if it is necessary and appropriate for IARC to have access to properly delimited user data (for example, to investigate fraud involving Company employees), such access will be subject to and only granted in accordance with policies and protocols. This step will be coupled with the training of the IARC team regarding the new policy and the new protocols.

In addition, we will continue to evaluate and improve our access controls. In this case, in fact, access to certain information of US users under the erroneous investigation was already limited by the prior transfer of control to the US data security team, and these controls have been significantly improved and strengthened since this initiative.

I also want to emphasize that we have an open and frank culture within ByteDance. It is an essential part of our ByteStyles. If you face an ethical dilemma or a challenge to report, let your manager, HR or the Speak Up hotline know to do so anonymously. There are many avenues for you to share your concerns.

I hope we can all learn from this situation and move forward with a clear understanding and appreciation of our responsibilities – as employees and leaders – to build and operate an ethical business.



Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.
Back to top button