Jason London, Director of Technology Services
In our current age of ever-growing privacy concerns, new privacy legislation is front of mind for both government leaders and business leaders. On June 23, 2022, the House Energy and Commerce Committee voted in favor of the American Data Privacy and Protection Act (ADPPA), a significant step forward in enacting a federal data privacy law.
Similar legislation has already been implemented in Europe (GDPR) and California (CCPA). It is only a matter of time and agreement until something similar passes federally, due to growing concerns over United States citizens’ identities, personal information, and likenesses being used maliciously.
There are numerous examples of consumer data being used maliciously. For business owners, it’s crucial to take steps to safeguard confidential customer information. Your customers have trusted you with this valuable data, and you don’t want to be the latest company in the headlines over the misuse of customer data.
Privacy in Focus: TikTok
TikTok is the latest example of an “unacceptable security risk” posed to privacy, according to the Federal Communications Commission (FCC). The short-form video sharing app, used by close to 100 Million people in the U.S. alone, has seen a dramatic increase in popularity in recent years, but not without controversy.
Brendan Carr, the Commissioner of the FCC, recently made a public call to CEOs of Apple and Google to pull TikTok from their app stores.
In a letter sent this past June, Carr told Tim Cook and Sundar Pichai that “TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing’s apparently unchecked access to that sensitive data”.
When it comes to data, TikTok is collecting “everything” per FCC Commissioner Carr: search and browsing histories, keystroke patterns, biometric identifiers including faceprints and voiceprints, location data, draft messages, metadata, data stored on the clipboard, and more. ByteDance, the developer of TikTok, is based in Beijing and is therefore beholden to the surveillance demands of the Chinese Government, according to Carr.
For their part, TikTok refutes these claims. Michael Beckerman, VP, Head of Public Policy, Americas at TikTok, stated “there’s obviously a lack of trust across the Internet right now, and for us, we’re aiming for the highest, trying to be one of the most trusted apps, and we’re answering questions and being as transparent as we can be.”
The data which TikTok is accused of collecting and sharing with the Chinese Government, including biometric identifiers, is data that can be easily abused in 2022 via deepfakes. Deepfakes are computer-generated overlays that mimic a person’s likeness and voice for the purposes of harming the reputation or stealing the identity of a person.
On June 28, the FBI released a public service announcement that warned of an increase in complaints reporting the use of deepfakes to apply for remote work and work-at-home positions. These deepfakes used a “video, an image, or recording convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said.”
The FBI warning hints at it, but it’s likely these interviews were used to gain access to corporate databases and confidential customer data. Of course, employees faking identities is not a new threat exactly, but this new use of AI-powered imagery further threatens controls surrounding the hiring process.
What Does This Mean For Business Owners
If you own a business, it’s natural to be concerned about these changes. It’s important to know and follow your obligations under the law, as well as monitor the latest developments in the technology and cybersecurity industry to make sure your business is well-protected.
Consider an audit of the data your business stores on customers and employees and how that data is secured and transmitted within their organization. As privacy worries continue to grow in the minds of consumers, expect customers and vendors to demand due diligence surrounding the protection of their data privacy.
Need a partner to provide your business with guidance through this process? Look no further. Strothman+Co is equipped to help your business navigate complex concerns around cybersecurity, data privacy, and more. To learn more, contact us today.