TikTok announced today that its head of global security, Roland Cloutier, is stepping down effective September 2. Cloutier will be replaced by Kim Albarella, who has been appointed the interim head of TikTok's Global Security Organization. Cloutier will move into an advisory role at the company to focus on the business impact of TikTok's security and trust programs. The organizational change comes as the popular ByteDance-owned app has been facing increased scrutiny from U.S. officials.
"Part of our evolving approach has been to minimize concerns about the security of user data in the U.S., including the creation of a new department to manage U.S. user data for TikTok," TikTok CEO Shou Zi Chew said in a statement. "This is an important investment in our data protection practices, and it also changes the scope of the Global Chief Security Officer (CSO) role."
The change follows the aftermath of a BuzzFeed News report that revealed TikTok staff in China had access to the company's U.S. users’ data. At the same time, TikTok said it was moving U.S. users’ data to Oracle servers stored in the U.S. The BuzzFeed News report, which cites recordings from 80 TikTok internal meetings it obtained, claims that U.S. employees of TikTok repeatedly consulted with their colleagues in China to understand how U.S. user data flowed because they did not have the “permission or knowledge of how to access the data on their own.”
The report came as U.S. officials have expressed concern for years that TikTok might let China’s authoritarian government have access to the data the firm collects from Americans and users from other nations.
In response to the report, numerous Republican senators wrote to TikTok to express concern about the company's policies regarding data access. TikTok responded to the letter by admitting that some China-based employees have access to data “subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our US-based security team.” The company also assured the senators by noting that it’s working on a program called “Project Texas” to bolster data security for U.S.-based users.
“The broad goal for Project Texas is to help build trust with users and key stakeholders by improving our systems and controls, but it is also to make substantive progress toward compliance with the final agreement with the U.S. government that will fully safeguard user data and U.S. national security interests,” Chew had said in the letter.