Time Is Ticking for TikTok – The Countdown to Change In New York’s Privacy Laws.

Time Is Ticking for TikTok
By Amanda J. DeFeo and Jeffrey T. Miller.

The right of privacy has been called the most esteemed right of a civilized man. This right however, as esteemed as it may be, is facing extinction due to the civilized man.

In the late 90’s, the rise of the Internet changed the way society was able to obtain and share information on the “Info Highway.” By the dawn of the 21st Century, the switch from the Blackberry to the I-Phone started a revolution to the extent that technology is now an integral part of daily life. Even further, social media has transformed personal and professional interactions. Platforms such as Instagram, Facebook and Twitter have become a fundamental marketing tool for all businesses and have changed the realm of e-commerce and sales. In the wake of COVID-19, we have experienced communications, business meetings, classrooms, and legal hearings make an unprecedented shift to the digital platform. In our nation’s most desperate times, these advancements are most certainly a positive step towards a more effective and efficient future. However, every rose has its thorns. As technology continues to advance, there will be an increasing need for new privacy laws that keep pace with the changing times. This article will address the privacy issues we are currently facing today and how we can protect the esteemed right of privacy.

In this digital age, we download, log-in, accept the terms and fail to consider the risk. That risk is the disclosure of personally identifiable information, or PII. PII can include your name, address, date of birth, employee data, login credentials, global positioning, financial information, and biometric data. Similarly in business, Business Identifiable Information, or BII, is defined as “trade secrets and commercial or financial information obtained from a person and is privileged or confidential. BII can be contained in company emails, servers, or even websites and social media. As businesses move towards efficient and cost-effective technological solutions, it is imperative that business owners and employees remain informed on how to keep BII protected.

TikTok has quickly become one of the most popular social media interfaces across the globe. As the most downloaded app in the world in 2020, its global impact spans from America, to Europe, China, Indonesia, India, and South Korea, to name a few.  Users are able to share 15 second comedic clips, usually involving lip-syncing, dancing and music. While 60% of its users range from the ages of 16 – 24 years old, celebrities and influencers such as actors, professional athletes and musicians are among the active user base. For example, with 9.2 million views, the famous artist, Jennifer Lopez, and her fiancé Alex Rodriguez, the former third baseman for the New York Yankees, have mastered the craft of TikTok. However, aside from its success among Generation-X, TikTok has raised several concerns as being a system by which foreign governments may gain access to our most private information.

ByteDance, the parent organization and owner of TikTok, was founded as a startup in Beijing, China in 2012. The startup is now the world’s largest with $7 billion USD of revenue in its first quarter and estimated to be valued at $78 billion USD. Founder, Zhang Yiming, is well known in China as a tech giant. Consider him the “Mark Zuckerberg of China.” According to Forbes, Yiming carries an estimated net worth of about $16.2 billion USD. In 2017, ByteDance acquired the $1 billion USD company, Musical.ly, a video sharing app birthed in California in 2014.  When ByteDance acquired Musical.ly, it thereby acquired all of the US based user’s information. In August 2018, TikTok became available in the United States. All of this laying the foundation for Beijing’s access to US citizen data posing national security risks in the United States.

In March of 2020, United States senators introduced legislation to ban all federal employees from using TikTok. The legislation was drafted by Senator Hawley, who led the charge against TikTok.

“The company even admitted it collects user data while their app is running in the background – including the messages people send, pictures they share, their keystrokes and location data, you name it. As many of our federal agencies have already recognized, TikTok is a major security risk to the United States, and it has no place on government devices.” – Senator Hawley

This was following an appeal from Senator Marco Rubio to Treasury Secretary Steven Mnuchin to launch the Committee of Foreign Investment in the United States’ (CFIUS) investigation into TikTok’s acquisition of Musical.ly.  Rubio cited ample and growing evidence that TikTok removes content that is out of step with “Chinese Government and Communist Party directives.” Another appeal by Senator Chuck Schumer and Tom Cotton to the acting director of National Intelligence, Joseph Maguire, addressed concerns about the potential national security risks posed by TikTok’s collection of users’ personal data and about the app’s content censorship practices.

While you may not be signing up for TikTok anytime soon, these privacy concerns are not isolated to TikTok. There is no individual, small business or large that is immune to these risks.  If you have a cell phone, these concerns apply to you. Time after time, social media platforms have been proven to be unsecure. In 2018, Facebook’s security was breached and exposed accounts of 50 million users.  In 2019, Verizon’s Data Breach Investigation Report provided data from 41,686 security incidents and 2,013 data breaches spanning 86 countries worldwide.  Of those victims, 43% involved small businesses. In 2020, millions of businesses were forced to rely on video conferencing in light of COVID-19.  Zoom, the most popular video conferencing tool is also the most vulnerable for data breach. Zoom users, especially those who reuse the same password from other accounts, face the risk of having their information sold on the dark web. In an April 13th report verified by NBC News, a cybersecurity intelligence firm revealed that over a half a million Zoom users’ emails and passwords had been sold on the dark web.  Clearly, data hackers both domestic and foreign, have a keen interest in digital intelligence collection on United States citizens.

The solution is not to retreat, back down or avoid an online presence. Instead, the solution is to remain informed, understand the threats as they evolve over time, and take the necessary precautions. When the time comes, you can be prepared to manage the risks.

In 2019, the New York Senate introduced The New York Privacy Act (NYPA), Bill S5642 which would add to Section 1100-1110 of the General Business Law. NYPA proposed special safeguards on the disclosure of identifying personal information. The safeguards included the legal concept of a “fiduciary” requiring the duty to exercise a certain standard of “loyalty and care” in the use of consumer information. This Bill never made it to the senate floor. However, the countdown starts now, a legislative change may be on the horizon.

Here are a few simple steps you can take to protect PII/ BII:

  • When it comes to TikTok, just say no.
  • Consider using a secure video conferencing platform such as Cisco’s WebEx instead of Zoom.
  • Keep strong passwords on all of your devices, which includes uppercase letters, numbers and no words. Change your passwords every ninety (90) days and never use the same password for different accounts.
  • Look for the “https” on websites which means the website is a secure one that uses encryption to protect your data.
  • Keep your social media accounts set on “private.”
  • Avoid posting pictures or content which reveal PII such as your full name, phone number, license plate, home/business location and/or address.
  • Be aware of what posts you are tagged in. Most of the time, when PII data is retrieved, it’s through another friend or acquaintance’s account that wasn’t maintained securely.
  • Keep your antivirus and malware security up to date.
  • Ensure Bluetooth is turned off when not being used.
  • Do periodic Google searches and social media searches for yourself to be aware of your own online presence.
  • Avoid phishing emails and know how to spot them. For more information, consider taking a training course on how to spot phishing emails.
  • Be aware that some public Wi-Fi hotspots are not secure, it is better to use your 3G or 4G wireless network on your device because it is secure.
  • Dare to read privacy policies.