A few weeks ago, there was a news report that an employee of the company’s internal audit team may have attempted to improperly access user location data. Although many of the allegations in the article were speculative, our Global Legal Compliance team immediately launched an investigation into the facts asserted in the article and engaged a highly reputable law firm to assist in the investigation. I requested.
In connection with an investigation into the material leak of confidential company information to the media by an employee (including allegedly leaked documents, screenshots, and audio), the It turned out that a plan had been formulated and carried out. Records of internal meetings.
It is standard practice for companies to have an internal audit group empowered to investigate code of conduct violations. However, as part of an initiative to investigate leaks related to this incident, officials abused their powers to gain access to TikTok user data. The aim was to identify potential connections between two journalists (a former BuzzFeed reporter and a Financial Times reporter) and their company’s employees. It then hoped that information about these connections would help identify the employee responsible for the leak. For example, an individual has looked up the IP address of a journalist to try to determine if he or she is in the same location as an employee suspected of leaking sensitive information, but the fact that the IP address only provides approximate location Not surprisingly, their rash efforts prevented us from determining the cause of the leak. Nonetheless, accessing user data related to these efforts was a serious violation of our company’s code of conduct, and we are taking the following steps immediately.
No individual found to have directly participated in or supervised a misguided program shall remain employed by ByteDance. Our legal team continues to investigate.
We are reorganizing our Internal Audit and Risk Management (IARC) department.
Chief Financial Officer Julie Gao takes over the IARC division and immediately begins a search for a new leader. The leader will report directly to her.
The global research function that was part of IARC will be split and reorganized. Going forward, the Global Legal Compliance team will oversee all investigations that were previously within the scope of he IARC.
We plan to redesign our investigation process to include an oversight board. The Oversight Board oversees, among other responsibilities, the development and refinement of the policies and procedures governing the Company’s investigative function and monitors the function’s compliance with applicable laws and Company policies.
Removed all user data access and permissions for the IARC division.
Going forward, where it is necessary and appropriate for IARC to be granted access to the appropriate scope of user data (for example, to investigate fraud involving company employees), that access will be subject to company policies and protocols. This step is combined with training his IARC team on new policies and protocols.
In addition, we will continue to evaluate and enhance access controls. In fact, in this case, access to certain US user information in the context of the erroneous investigation was already restricted by prior transfer of control to the US Data Security Team.
I also want to emphasize that ByteDance has an open and candid culture. This is the core part of ByteStyles. If you face an ethical dilemma or issue to report, anonymously notify your supervisor, Human Resources, or the Speak Up Her hotline. There are many avenues for sharing your concerns.
I hope that we can all learn from this situation and move forward with a clear understanding and awareness of our responsibilities as employees and leaders to building and operating an ethical business.