Lawyer said it depends on the data stored on the device
Employees who use the social media application TikTok, which is owned by the Chinese corporation ByteDance, are coming under more scrutiny from national governments all around the world.
The capacity to track users is one of its practises, and this can sometimes be done without the users’ full consent or awareness. What happens if private information gets into the wrong hands, like the hands of the Chinese government or of organised crime, for example?
Many people are curious about whether or not employers are within their legal rights when they act in such a manner.
According to Daniel Tsai, a lecturer on law and technology at the University of Toronto and Toronto Metropolitan University (TMU), “the technology is owned by the government so, in other words, handheld devices, smartphones, because they own it, they can do what they want in terms of how the device is used.” Tsai teaches courses on law and technology at both institutions.
The decision makes a lot of sense, according to him, despite the fact that it is obvious that those working for the government could potentially have access to more sensitive data than those working in the private sector.
Hearing that [governments are] prohibiting TikTok on government phones does not cause me to feel alarmed; rather, it seems natural to me.
Employer prohibition
Should other employers, particularly those in the private sector, think about implementing a restriction similar to this one? According to Savvas Daginis, an associate practising business law at Siskinds Law Firm, there are certain laws that need to be taken into consideration.
According to him, the most important consideration to make when determining the level of security that must be provided is the kind of data that is being stored.
“If all you have is somebody’s name and maybe their address, and let’s say that name and address are listed in a phonebook that anyone can get their hands on, then you won’t need to implement incredibly detailed security measures. All you’ll need is to make sure no one steals what you have.” On the other hand, if you had access to medical data, you might be required to take such precautions.
According to Liam Ledgerwood, associate labour and employment law also at Siskinds Law Firm, there are numerous things that companies should take into mind in order to keep everything safe when it comes to securing data that might be found on or be available via a company-issued phone. One of these things is ensuring that the data is encrypted.
According to Ledgerwood, “each individual employer will most likely set out what their expectations are about the extent to which employees need to safeguard confidential and proprietary information, and this will generally be dictated by contract — or by an employer policy, about what employees are required to do.”
The federal government in the United States is also taking action against the video sharing app TikTok.
The White House has indicated its support for a bill that would give the president the authority to prohibit or compel a sale of the popular app TikTok. This endorsement has the potential to speed up the legislative process and break a stalemate about how to address privacy concerns regarding the app.
The recently proposed legislation would provide the President with the authority to compel the sale of any foreign-owned technology, applications, software, or e-commerce platforms that are deemed to be a threat to the national security of the United States.
The video-sharing application TikTok, which is owned and operated by Beijing-based Bytedance and has around 100 million users in the United States, is the most obvious target of this attack.
This is the first time that the administration of Vice President Joe Biden has weighed in on legislation to deal with the app, which the White House identifies as posing concerns to the country’s national security. TikTok is one of the most popular applications in the world, and its detractors claim that it gives the Chinese government access to the data and viewing tendencies of the approximately 100 million Americans who use the app, as well as users in other countries around the world.
While governments are starting to become aware of a potential security risk posed by a variety of dubious apps, businesses and other organisations are engaged in a fight of a similar nature.
Who is launching the assault?
The terms ransomware, backdoor exploits, and phishing are all familiar to those who work in the information technology industry.
The question now is, how can businesses better prepare themselves for the onslaught? According to the experts, the first step is to have an awareness of the “enemy,” to become familiar with the vulnerabilities of your organisation, and to recognise that cyber attacks are a business risk and not only an IT issue.
According to Adil Palsetia, partner in cyber security at KPMG, there are two primary threats that businesses need to be aware of in addition to the classic masked person who may seek to inflict harm.
“On the one hand, you have sovereign nation-states. Some of these are our enemies, and they are assaulting not only our physical infrastructure but also our organisations, our Internet Protocol (IP) infrastructure, our connection infrastructure, our communications infrastructure, and our financial and banking infrastructure.
According to him, there are also organised criminal groups that have a straightforward objective. “Their mission statement is typically criminal activity as a means to make more money, and as a result, they are the ones that we are hearing about in relation to this increase in ransomware attacks.”
According to Evan O’Regan, associate partner for digital trust and IAM at IBM, the criminal underworld is constantly looking for new ways to exploit organisations, and these new methods are frequently rewarded.
“Whereas our credit card number might fetch ten dollars on the dark web, our identity information might fetch a much higher price due to the fact that it can be used to create synthetic identities that can be used to commit more complex forms of fraud and even more.” Therefore, if I create an exploit, also known as a backdoor into a corporation, I will be able to sell that exploit on the dark web several times at a price of $10,000 each time.
