
Error message
In order to filter by the "in queue" property, you need to add the Entityqueue: Queue relationship.-
County NewsWhat threat does TikTok pose to data security, and how should counties regulate its use on government-issued devices?TikTok: It’s hip, it’s fun and it’s a security risk
-
County News Article
TikTok: It’s hip, it’s fun and it’s a security risk
Introduced in September 2016 by a Chinese company and in the United States in 2018, TikTok allows users to create and share short videos that include music or other audio in the background.
It’s become a popular social media platform for users to share their talents, comedy, lip-syncing, vlogs and more, allowing users to promote their talents and brands to make money. Media, celebrities and politicians have used it in marketing campaigns to reach younger audiences, and businesses and organizations weren’t far behind.
Learn more
Why TikTok is the Latest Security Threat
Oracle begins auditing TikTok's algorithms
What You Should Know About The TikTok National Security Debate
TikTok's privacy policy
County Tech Xchange
Local governments have hopped on, too. Health and human services departments spread information about prenatal programs along with COVID-19 updates. Some have promoted official campaigns and messages, such as mental health awareness, voter registration and other civic engagements.
But it has its downsides. Security concerns have grown over how user data is being used, and are further magnified by the fact that TikTok was developed and has its base in China. The Trump administration tried to ban TikTok in 2020, but was overturned by the higher courts.
On Dec. 2, 2022, FBI Director Christopher Wray warned that TikTok’s privacy and data collection policies could allow for the capture of sensitive, personally identifiable information and that data could be accessed by the Chinese government for use other than permissions given by the user. The FBI called TikTok a risk to national security in testimony before the House Homeland Security Committee in November 2022.
Security InfoWatch helped project light on the difference between TikTok and other social media platforms:
The experts say TikTok is different. [Facebook and Twitter] are based in the U.S. and are using it to market products or sell data. Law enforcement typically must go through the courts to get access.
China doesn't require that and could easily track data for the purpose of gathering information on Americans..At least 25 states have banned TikTok on state-issued devices, all citing privacy concerns.
Many counties are now following a similar course of action. In a recent discussion on the NACo Tech Xchange, many counties have either banned TikTok use by employees on work devices or are in discussions to take that approach.
“There are county data security and privacy concerns, constituent data security and privacy concerns, and the perception that if we used it for our government purposes, it means we are comfortable with its use, so they should be ok with it,” said DeKalb County, Ga. CIO John Matelski. “with the fear of cyber backdoors, hacking, facial recognition, location tracking, spyware, and other personally invasive technologies at the forefront of everyone’s mind, TikTok’s data collection and storage practices need to be concerning unless or until they can be aligned with U.S. data privacy laws.”
So what can a county do? Options vary from banning TikTok completely, or having employees stop the use of TikTok on county owned devices. Not only is it the responsibility of counties to understand the concerns and evaluate the risks, but it is also vital that counties take a perspective that sends a positive message of safety and privacy to county residents.
If a county does allow use, employees should be aware of and agree to several key points:
- I acknowledge that I am aware of the security risks associated with using TikTok for the county and will ensure the following:
- I will use a unique username and password (at least 14 characters including letters and numbers), store my credentials in the current county password management tool, and change at least annually in accordance with our county password management practice.
- I understand posting videos where sensitive county information is displayed is prohibited (e.g., HIPAA, PII, etc.).
- I will ensure I use the InPrivate browser window via internet on any county device to limit tracking (preferred as anti-virus software is running).
- If I use a personal device, I understand that my location and cookies via Internet will be tracked (not as secure).
- I will exit the TikTok app or website once I am done using it to avoid running in the background.
- If I leave my department, I will verify with my management that my TikTok account has been de-activated prior to my last day working
Other recommendations include:
- Not allowing TikTok on corporate devices and barring personal devices with the TikTok application into sensitive areas.
- Recommending users decline TikTok’s prompts to access their phone contacts, which happens routinely. Once granted, this provides some contact information (e.g., name and phone number) for capture or review. TikTok’s Privacy Policy does state that the company may collect additional information about users from other publicly available sources.
- Warning users against using other social media accounts to create a new TikTok account. This could provide TikTok with personal information from other apps, including demographic data and social network connections.
- Practicing basic social media hygiene. Do not post too much information about family/friends, work and professional information, location, or other sensitive information. No not to reveal personal information in comments or direct messages.
- Reviewing third-party app permissions in the TikTok security menu (under manage app permissions) to ensure any connected apps are known and should have access to data. Deny any apps that are not recognized or not necessary. This list should be empty.
- Using mobile device management tools on corporate devices to monitor what applications are installed.
- If using a “bring your own device” model, enroll devices into mobile device management software that allows for work-related apps and information to be containerized. This will separate work and personal app data and allow for remote data deletion in the event of a security incident. TikTok will have access to camera and phone applications that may allow it to collect environmental intelligence, even if it doesn’t have access to sensitive business information due to containerization.
What threat does TikTok pose to data security, and how should counties regulate its use on government-issued devices?2023-01-24County News Article2023-04-11
Introduced in September 2016 by a Chinese company and in the United States in 2018, TikTok allows users to create and share short videos that include music or other audio in the background.
It’s become a popular social media platform for users to share their talents, comedy, lip-syncing, vlogs and more, allowing users to promote their talents and brands to make money. Media, celebrities and politicians have used it in marketing campaigns to reach younger audiences, and businesses and organizations weren’t far behind.
Learn more
Why TikTok is the Latest Security Threat
Oracle begins auditing TikTok's algorithms
What You Should Know About The TikTok National Security Debate
Local governments have hopped on, too. Health and human services departments spread information about prenatal programs along with COVID-19 updates. Some have promoted official campaigns and messages, such as mental health awareness, voter registration and other civic engagements.
But it has its downsides. Security concerns have grown over how user data is being used, and are further magnified by the fact that TikTok was developed and has its base in China. The Trump administration tried to ban TikTok in 2020, but was overturned by the higher courts.
On Dec. 2, 2022, FBI Director Christopher Wray warned that TikTok’s privacy and data collection policies could allow for the capture of sensitive, personally identifiable information and that data could be accessed by the Chinese government for use other than permissions given by the user. The FBI called TikTok a risk to national security in testimony before the House Homeland Security Committee in November 2022.
Security InfoWatch helped project light on the difference between TikTok and other social media platforms:
The experts say TikTok is different. [Facebook and Twitter] are based in the U.S. and are using it to market products or sell data. Law enforcement typically must go through the courts to get access.
China doesn't require that and could easily track data for the purpose of gathering information on Americans..
At least 25 states have banned TikTok on state-issued devices, all citing privacy concerns.
Many counties are now following a similar course of action. In a recent discussion on the NACo Tech Xchange, many counties have either banned TikTok use by employees on work devices or are in discussions to take that approach.
“There are county data security and privacy concerns, constituent data security and privacy concerns, and the perception that if we used it for our government purposes, it means we are comfortable with its use, so they should be ok with it,” said DeKalb County, Ga. CIO John Matelski. “with the fear of cyber backdoors, hacking, facial recognition, location tracking, spyware, and other personally invasive technologies at the forefront of everyone’s mind, TikTok’s data collection and storage practices need to be concerning unless or until they can be aligned with U.S. data privacy laws.”
So what can a county do? Options vary from banning TikTok completely, or having employees stop the use of TikTok on county owned devices. Not only is it the responsibility of counties to understand the concerns and evaluate the risks, but it is also vital that counties take a perspective that sends a positive message of safety and privacy to county residents.
If a county does allow use, employees should be aware of and agree to several key points:
- I acknowledge that I am aware of the security risks associated with using TikTok for the county and will ensure the following:
- I will use a unique username and password (at least 14 characters including letters and numbers), store my credentials in the current county password management tool, and change at least annually in accordance with our county password management practice.
- I understand posting videos where sensitive county information is displayed is prohibited (e.g., HIPAA, PII, etc.).
- I will ensure I use the InPrivate browser window via internet on any county device to limit tracking (preferred as anti-virus software is running).
- If I use a personal device, I understand that my location and cookies via Internet will be tracked (not as secure).
- I will exit the TikTok app or website once I am done using it to avoid running in the background.
- If I leave my department, I will verify with my management that my TikTok account has been de-activated prior to my last day working
Other recommendations include:
- Not allowing TikTok on corporate devices and barring personal devices with the TikTok application into sensitive areas.
- Recommending users decline TikTok’s prompts to access their phone contacts, which happens routinely. Once granted, this provides some contact information (e.g., name and phone number) for capture or review. TikTok’s Privacy Policy does state that the company may collect additional information about users from other publicly available sources.
- Warning users against using other social media accounts to create a new TikTok account. This could provide TikTok with personal information from other apps, including demographic data and social network connections.
- Practicing basic social media hygiene. Do not post too much information about family/friends, work and professional information, location, or other sensitive information. No not to reveal personal information in comments or direct messages.
- Reviewing third-party app permissions in the TikTok security menu (under manage app permissions) to ensure any connected apps are known and should have access to data. Deny any apps that are not recognized or not necessary. This list should be empty.
- Using mobile device management tools on corporate devices to monitor what applications are installed.
- If using a “bring your own device” model, enroll devices into mobile device management software that allows for work-related apps and information to be containerized. This will separate work and personal app data and allow for remote data deletion in the event of a security incident. TikTok will have access to camera and phone applications that may allow it to collect environmental intelligence, even if it doesn’t have access to sensitive business information due to containerization.

About Rita Reynolds (Full Bio)
Chief Information Officer
Rita serves as NACo's chief information officer. In this capacity, she oversees the internal technology operations of NACo, and leads NACo’s technology programs and initiatives for counties.More from Rita Reynolds
-
Webinar
US Counties & Emerging Cybersecurity Trends
Sep. 13, 2023 , 1:00 pm – 2:00 pmSeptember 13th, 2023 | 1 P.M. Eastern Time -
Webinar
NACo Cyberattack Simulation: Ransomware
Sep. 11, 2023 – Sep. 15, 2023Presented by the NACo County Tech Xchange and Professional Development Academy -
Series
TechKnow Series: NACo Tech Xchange Overview – Resources and Tools for your CIO Strategy
Sep. 7, 2023 , 1:00 pm – 2:00 pmSeptember 7th, 2023 | 1 P.M. Eastern Time -
Webinar
The Modern Edge for County Government
Sep. 6, 2023 , 1:00 pm – 2:00 pmModernization with Juniper AIOps (artificial intelligence for IT operations) is the industry’s best alternative to a network refresh if user experience, automation, and fiscal efficiency are important to county IT departments. Attend this session to discover how Juniper AIOps addresses these challenges and more: -
Webinar
Understanding Enterprise Service Management
Aug. 31, 2023 , 1:00 pm – 2:00 pmAugust 31st, 2023 | 1 PM Eastern -
Blog
DHS Announces New Funding Round for the State and Local Cybersecurity Grant Program
On August 8, the Department of Homeland Security (DHS) announced a new funding round for the State and Local Cyber Grant Program (SLCGP). The SLCGP was established by the State and Local Cybersecurity Improvement Act, which is part of the Bipartisan Infrastructure Law (BIL).
-
Webinar
Responding to Ransomware Attacks
September 26, 2023 , 1:00 pm – 2:00 pmSeptember 26, 2023 | 1 PM Eastern Time09261:00 pm<p><strong>September 26, 2023 | 1 PM Eastern Time </strong><br />
<br /> -
Webinar
How Overloaded County IT Organizations Can Address Traditional and New AI-Generated Cyber Threats
September 28, 2023 , 1:00 pm – 2:00 pmCounty IT organizations are already overloaded dealing with cyber threats that could result in data breaches, loss of system access resulting in the unavailability of critical services, and more. New cyber threats generated by AI or chat add additional complexity on top of everything else.09281:00 pm<p>County IT organizations are already overloaded dealing with cyber threats that could result in data breaches, loss of system access resulting in the unavailability of critical services, and more.
-
Webinar
Transforming Digital Government Experiences
October 5, 2023 , 1:00 pmOctober 5th, 2023 | 1 PM Eastern10051:00 pm<p><strong>October 5th, 2023 | 1 PM Eastern </strong><br />
<br /> -
Series
TechKnow Series: October, November, & December Sessions
October 18, 2023 – December 13, 2023October 18, 2023 | 1 PM Eastern - Charting Your AI Growth: A Practical Guide on the Use of Generative AI - What Are All Those Tools -
Series
TechKnow Series: Charting Your AI Growth: A Practical Guide on the Use of Generative AI - What Are All Those Tools
October 18, 2023 , 1:00 pmOctober 18th, 2023 | 1 PM Eastern10181:00 pm<p><strong>October 18th, 2023 | 1 PM Eastern </strong></p>
-
Webinar
Unlocking Opportunity by Increasing Digital Equity
October 23, 2023 , 1:00 pm – 2:00 pmOctober 23rd, 2023 | 1 PM Eastern10231:00 pm<p><strong>October 23rd, 2023 | 1 PM Eastern </strong></p>
-
Basic page
County Tech Xchange
The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership. This portal provides valuable resources in a central location that counties can use to improve their overall technology infrastructure.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent">
<tbody>
<tr> -
Basic page
TestIT: How Fast is Your Broadband
NACo has partnered with the Local Initiatives Support Corporation (LISC) and the Rural Community Assistance Partnership (RCAP) to develop a mobile app designed to identify areas with low or no connectivity to help ensure adequate funding for broadband infrastructure is provided across the country.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out">
<tbody>
<tr>
<td> -
Basic page
Telecommunications & Technology Steering Committee
All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, information technology development and implementation, information technology innovation, e-governance, and geo-spatial data collection and utilization.pagepagepage<p>All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, info
-
Reports & Toolkits
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BILReports & Toolkitsdocument100710:00 amReports & Toolkits<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent jump">
<tbody>
<tr>
<td>
Contact
-
Chief Information Officer(202) 942-4248
Related Resources
-
Blog
DHS Announces New Funding Round for the State and Local Cybersecurity Grant Program
On August 8, the Department of Homeland Security (DHS) announced a new funding round for the State and Local Cyber Grant Program (SLCGP). The SLCGP was established by the State and Local Cybersecurity Improvement Act, which is part of the Bipartisan Infrastructure Law (BIL). -
Blog
DOJ proposes new rule for nondiscrimination on the basis of disability for state and local web-based services
On August 4, the Department of Justice published a proposed rule to create technical requirements for state and local web-based services to conform to regulations pertaining to Title II of the Americans with Disabilities Act, contained in 28 CFR Part 35. -
County News
Counties build AI framework to harness its potential, bolster protection
When Peter Crary left his job helping to develop software to read license plate numbers, he thought his days working in the nascent field of artificial intelligence were over.
-
Press Release
Counties Applaud Release of Broadband Allocations
NACo today applauded the National Telecommunications & Information Administration’s (NTIA) announcement of the state allocations that will be granted under the Broadband Equity, Access, and Deployment (BEAD) Program. -
Press Release
National Association of Counties Launches Exploratory Committee on Artificial Intelligence
County leaders and partners to examine best practices and considerations for deployment of AI -
Reports & Toolkits
Cybersecurity and Resilient Counties
NACo has partnered with Acccenture to survey counties on their cybersecurity resiliency. This publication is a cumulation of focus groups and a survey. Download the Report
Related Events
-
26Sep2023
-
28Sep2023Webinar
How Overloaded County IT Organizations Can Address Traditional and New AI-Generated Cyber Threats
Sep. 28, 2023 , 1:00 pm – 2:00 pm -
5Oct2023
-
18Oct2023
More From
-
Outreach Toolkit for Counties: the FCC’s Affordable Connectivity Program
Through the FCC's Affordable Connectivity Program, counties have a central role in providing all residents with an equal chance to connect to high-speed internet in their homes.
Learn More