TikTok's Commitment to Security and Privacy

By Roland Cloutier, TikTok Chief Information Security Officer

When people think of TikTok, they often associate it with creativity and joy. However, my goal is to add safety to that list. Protecting the privacy of our community has always been a priority for TikTok, but we understand that security is an ongoing process. We are constantly striving to improve and adapt to the ever-changing challenges in the industry.

To achieve this, my team of security experts and I have initiated a comprehensive review of TikTok's security infrastructure and practices. Over the past few months, we have developed a Security Roadmap that will guide us in building a top-notch security infrastructure. Our focus areas include championing transparency and accountability, partnering with third-party experts and regulators, and continuously enhancing our security measures.

In order to build the best-in-class security infrastructure, we are committed to hiring the world's top security experts. We will be expanding our security teams in Mountain View, California and Washington, D.C., with the goal of hiring an additional 100 security, data, and privacy protection experts in the U.S. by the end of the year. We are also establishing a centralized global security function that will be headquartered in the U.S. and deployed internationally across all the markets we serve. This will ensure consistency, availability, and faster responses to emerging global issues and threats.

Transparency and accountability are crucial in maintaining the trust of our users and stakeholders. To achieve this, we have opened a Transparency Center in Los Angeles, California, and will soon be opening another one in Washington, D.C. These centers will provide lawmakers and experts with the opportunity to assess our security practices and infrastructure. Additionally, we will release a Transparency Report twice a year, providing detailed information on accounts that have been taken down for violating our terms of service, engaging in unlawful acts, or posing threats to user safety.

While we are confident in the security infrastructure we have built, we understand the importance of testing and validation. We are actively collaborating with leading global security firms to ensure compliance with internationally recognized security control standards such as ISO 27001, SOC2, and NIST CSF. In the coming months, we will announce more partnerships with security experts and regulators to further enhance the protection of our community's data and privacy.

We are committed to continuously improving our security program and will keep our users updated on our progress. If you have any questions or concerns, please do not hesitate to reach out to us. We are here to support you.