TikTok’s global security chief is stepping down amid US user data controversy
TikTok’s global security chief is stepping down amid US user data controversy
Roland Cloutier is moving into a ‘strategic advisory role.’
TikTok’s global chief security officer (CSO) will step down from that position and shift into a strategic advisory role. Roland Cloutier’s change in duties follows concerns about how the company is handling US user data. TikTok recently admitted that employees outside of the country were able to access that information, although “robust cybersecurity controls and authorization” from its US security team were required.
Cloutier will be an adviser on the business impact of TikTok’s security and trust programs. TikTok’s head of security risk, vendor and client assurance, Kim Albarella, will take over as the chief of the company’s worldwide security teams on an interim basis.
“Part of our evolving approach has been to minimize concerns about the security of user data in the US, including the creation of a new department to manage US user data for TikTok,” CEO Shou Zi Chew wrote in a memo to TikTok staff. “This is an important investment in our data protection practices, and it also changes the scope of the global chief security officer role. With this in mind, Roland has decided to step back from his day-to-day operations as global CSO, effective September 2nd.”
A TikTok spokesperson told The Wall Street Journal Cloutier wasn’t overseeing the new team that manages US user data. That department reports to Chew directly. Cloutier’s departure wasn’t related to lawmakers’ concerns over US data security, the spokesperson said, and the shift had been in the works for a couple of months.
Last month, BuzzFeed News reported that China-based engineers at TikTok’s parent company ByteDance accessed non-public data on US TikTok users on multiple occasions between at least last September and January. TikTok said it’s now storing all US users’ data on Oracle cloud servers located in the country and that it was working to remove such private data from its own servers. In a letter to a group of Republican senators this month, Chew wrote that the company is focused on removing “any doubt about the security of US user data.”
(9)