
Error message
In order to filter by the "in queue" property, you need to add the Entityqueue: Queue relationship.-
County NewsWhat threat does TikTok pose to data security, and how should counties regulate its use on government-issued devices?TikTok: It’s hip, it’s fun and it’s a security risk
-
County News Article
TikTok: It’s hip, it’s fun and it’s a security risk
Introduced in September 2016 by a Chinese company and in the United States in 2018, TikTok allows users to create and share short videos that include music or other audio in the background.
It’s become a popular social media platform for users to share their talents, comedy, lip-syncing, vlogs and more, allowing users to promote their talents and brands to make money. Media, celebrities and politicians have used it in marketing campaigns to reach younger audiences, and businesses and organizations weren’t far behind.
Learn more
Why TikTok is the Latest Security Threat
Oracle begins auditing TikTok's algorithms
What You Should Know About The TikTok National Security Debate
TikTok's privacy policy
County Tech Xchange
Local governments have hopped on, too. Health and human services departments spread information about prenatal programs along with COVID-19 updates. Some have promoted official campaigns and messages, such as mental health awareness, voter registration and other civic engagements.
But it has its downsides. Security concerns have grown over how user data is being used, and are further magnified by the fact that TikTok was developed and has its base in China. The Trump administration tried to ban TikTok in 2020, but was overturned by the higher courts.
On Dec. 2, 2022, FBI Director Christopher Wray warned that TikTok’s privacy and data collection policies could allow for the capture of sensitive, personally identifiable information and that data could be accessed by the Chinese government for use other than permissions given by the user. The FBI called TikTok a risk to national security in testimony before the House Homeland Security Committee in November 2022.
Security InfoWatch helped project light on the difference between TikTok and other social media platforms:
The experts say TikTok is different. [Facebook and Twitter] are based in the U.S. and are using it to market products or sell data. Law enforcement typically must go through the courts to get access.
China doesn't require that and could easily track data for the purpose of gathering information on Americans..At least 25 states have banned TikTok on state-issued devices, all citing privacy concerns.
Many counties are now following a similar course of action. In a recent discussion on the NACo Tech Xchange, many counties have either banned TikTok use by employees on work devices or are in discussions to take that approach.
“There are county data security and privacy concerns, constituent data security and privacy concerns, and the perception that if we used it for our government purposes, it means we are comfortable with its use, so they should be ok with it,” said DeKalb County, Ga. CIO John Matelski. “with the fear of cyber backdoors, hacking, facial recognition, location tracking, spyware, and other personally invasive technologies at the forefront of everyone’s mind, TikTok’s data collection and storage practices need to be concerning unless or until they can be aligned with U.S. data privacy laws.”
So what can a county do? Options vary from banning TikTok completely, or having employees stop the use of TikTok on county owned devices. Not only is it the responsibility of counties to understand the concerns and evaluate the risks, but it is also vital that counties take a perspective that sends a positive message of safety and privacy to county residents.
If a county does allow use, employees should be aware of and agree to several key points:
- I acknowledge that I am aware of the security risks associated with using TikTok for the county and will ensure the following:
- I will use a unique username and password (at least 14 characters including letters and numbers), store my credentials in the current county password management tool, and change at least annually in accordance with our county password management practice.
- I understand posting videos where sensitive county information is displayed is prohibited (e.g., HIPAA, PII, etc.).
- I will ensure I use the InPrivate browser window via internet on any county device to limit tracking (preferred as anti-virus software is running).
- If I use a personal device, I understand that my location and cookies via Internet will be tracked (not as secure).
- I will exit the TikTok app or website once I am done using it to avoid running in the background.
- If I leave my department, I will verify with my management that my TikTok account has been de-activated prior to my last day working
Other recommendations include:
- Not allowing TikTok on corporate devices and barring personal devices with the TikTok application into sensitive areas.
- Recommending users decline TikTok’s prompts to access their phone contacts, which happens routinely. Once granted, this provides some contact information (e.g., name and phone number) for capture or review. TikTok’s Privacy Policy does state that the company may collect additional information about users from other publicly available sources.
- Warning users against using other social media accounts to create a new TikTok account. This could provide TikTok with personal information from other apps, including demographic data and social network connections.
- Practicing basic social media hygiene. Do not post too much information about family/friends, work and professional information, location, or other sensitive information. No not to reveal personal information in comments or direct messages.
- Reviewing third-party app permissions in the TikTok security menu (under manage app permissions) to ensure any connected apps are known and should have access to data. Deny any apps that are not recognized or not necessary. This list should be empty.
- Using mobile device management tools on corporate devices to monitor what applications are installed.
- If using a “bring your own device” model, enroll devices into mobile device management software that allows for work-related apps and information to be containerized. This will separate work and personal app data and allow for remote data deletion in the event of a security incident. TikTok will have access to camera and phone applications that may allow it to collect environmental intelligence, even if it doesn’t have access to sensitive business information due to containerization.
What threat does TikTok pose to data security, and how should counties regulate its use on government-issued devices?2023-01-24County News Article2023-01-24
Introduced in September 2016 by a Chinese company and in the United States in 2018, TikTok allows users to create and share short videos that include music or other audio in the background.
It’s become a popular social media platform for users to share their talents, comedy, lip-syncing, vlogs and more, allowing users to promote their talents and brands to make money. Media, celebrities and politicians have used it in marketing campaigns to reach younger audiences, and businesses and organizations weren’t far behind.
Learn more
Why TikTok is the Latest Security Threat
Oracle begins auditing TikTok's algorithms
What You Should Know About The TikTok National Security Debate
Local governments have hopped on, too. Health and human services departments spread information about prenatal programs along with COVID-19 updates. Some have promoted official campaigns and messages, such as mental health awareness, voter registration and other civic engagements.
But it has its downsides. Security concerns have grown over how user data is being used, and are further magnified by the fact that TikTok was developed and has its base in China. The Trump administration tried to ban TikTok in 2020, but was overturned by the higher courts.
On Dec. 2, 2022, FBI Director Christopher Wray warned that TikTok’s privacy and data collection policies could allow for the capture of sensitive, personally identifiable information and that data could be accessed by the Chinese government for use other than permissions given by the user. The FBI called TikTok a risk to national security in testimony before the House Homeland Security Committee in November 2022.
Security InfoWatch helped project light on the difference between TikTok and other social media platforms:
The experts say TikTok is different. [Facebook and Twitter] are based in the U.S. and are using it to market products or sell data. Law enforcement typically must go through the courts to get access.
China doesn't require that and could easily track data for the purpose of gathering information on Americans..
At least 25 states have banned TikTok on state-issued devices, all citing privacy concerns.
Many counties are now following a similar course of action. In a recent discussion on the NACo Tech Xchange, many counties have either banned TikTok use by employees on work devices or are in discussions to take that approach.
“There are county data security and privacy concerns, constituent data security and privacy concerns, and the perception that if we used it for our government purposes, it means we are comfortable with its use, so they should be ok with it,” said DeKalb County, Ga. CIO John Matelski. “with the fear of cyber backdoors, hacking, facial recognition, location tracking, spyware, and other personally invasive technologies at the forefront of everyone’s mind, TikTok’s data collection and storage practices need to be concerning unless or until they can be aligned with U.S. data privacy laws.”
So what can a county do? Options vary from banning TikTok completely, or having employees stop the use of TikTok on county owned devices. Not only is it the responsibility of counties to understand the concerns and evaluate the risks, but it is also vital that counties take a perspective that sends a positive message of safety and privacy to county residents.
If a county does allow use, employees should be aware of and agree to several key points:
- I acknowledge that I am aware of the security risks associated with using TikTok for the county and will ensure the following:
- I will use a unique username and password (at least 14 characters including letters and numbers), store my credentials in the current county password management tool, and change at least annually in accordance with our county password management practice.
- I understand posting videos where sensitive county information is displayed is prohibited (e.g., HIPAA, PII, etc.).
- I will ensure I use the InPrivate browser window via internet on any county device to limit tracking (preferred as anti-virus software is running).
- If I use a personal device, I understand that my location and cookies via Internet will be tracked (not as secure).
- I will exit the TikTok app or website once I am done using it to avoid running in the background.
- If I leave my department, I will verify with my management that my TikTok account has been de-activated prior to my last day working
Other recommendations include:
- Not allowing TikTok on corporate devices and barring personal devices with the TikTok application into sensitive areas.
- Recommending users decline TikTok’s prompts to access their phone contacts, which happens routinely. Once granted, this provides some contact information (e.g., name and phone number) for capture or review. TikTok’s Privacy Policy does state that the company may collect additional information about users from other publicly available sources.
- Warning users against using other social media accounts to create a new TikTok account. This could provide TikTok with personal information from other apps, including demographic data and social network connections.
- Practicing basic social media hygiene. Do not post too much information about family/friends, work and professional information, location, or other sensitive information. No not to reveal personal information in comments or direct messages.
- Reviewing third-party app permissions in the TikTok security menu (under manage app permissions) to ensure any connected apps are known and should have access to data. Deny any apps that are not recognized or not necessary. This list should be empty.
- Using mobile device management tools on corporate devices to monitor what applications are installed.
- If using a “bring your own device” model, enroll devices into mobile device management software that allows for work-related apps and information to be containerized. This will separate work and personal app data and allow for remote data deletion in the event of a security incident. TikTok will have access to camera and phone applications that may allow it to collect environmental intelligence, even if it doesn’t have access to sensitive business information due to containerization.

About Rita Reynolds (Full Bio)
Chief Information Officer
Rita serves as NACo's chief information officer. In this capacity, she oversees the internal technology operations of NACo, and leads NACo’s technology programs and initiatives for counties.More from Rita Reynolds
-
Webinar
OnBase as the Enabler to Integrate All Lines of Business
Jan. 12, 2023 , 2:00 pm – 3:00 pmSee how Horry County has successfully integrated multiple lines of business using OnBase as the foundation. From sharing documents across different lines of business, to automating workflows between departments and using RPA as a tool to increase efficiencies. -
Webinar
Exploring Digital Transformation as a Key Driver to Modernizing Voting Infrastructure – The Los Angeles County Experience
Jan. 4, 2023 , 2:00 pm – 3:00 pmDigital transformation represents a wealth of potential for governments to change how they create value for society and modernize for the future. Taking a project from ideation to reality requires not only leadership and vision, but dedication and resources. -
Blog
Data sharing paramount in modern county operations
Everyone wants data. Everyone needs authoritative data. GIS is the underlying infrastructure for sharing data instantly in your county. -
Webinar
Ring in the New Year with a Strong Records Management Strategy – A Fireside Chat
Dec. 14, 2022 , 1:00 pm – 2:00 pmUnable to attend? Watch the recording here. As we near the start of a new year, many of us are already thinking about our New Year’s resolutions. What if one of your resolutions was better records management? -
Webinar
In Whole-of-State Cybersecurity, Counties are Not Only One Piece of the Pie
Dec. 12, 2022 , 1:00 pm – 2:00 pmUnable to attend? Watch the recording here. -
Webinar
Familiar Faces Initiative Data-Sharing Technology for Behavioral Health and Justice Learning Series: IBM
Dec. 8, 2022 , 2:00 pm – 2:30 pmUnable to attend? Watch the recording here.
-
Webinar
Executive Perspectives on Preparing for an ERP Replacement Project
February 22, 2023 , 3:00 pm – 4:00 pmReplacing your finance and human capital management systems can be stressful for public sector organizations.02223:00 pm<p>Replacing your finance and human capital management systems can be stressful for public sector organizations.
-
Webinar
NACo Cyberattack Simulation: Election Disruptions
February 27, 2023 – March 3, 2023Presented by the NACo County Tech Xchange and Professional Development Academy02271:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
NACo Cyberattack Simulation: Internet of Things
June 12, 2023 – June 16, 2023Presented by the NACo County Tech Xchange and Professional Development Academy06121:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
NACo Cyberattack Simulation: Ransomware
September 11, 2023 – September 15, 2023Presented by the NACo County Tech Xchange and Professional Development Academy09111:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
NACo Cyberattack Simulation: Employee Management
December 4, 2023 – December 8, 2023Presented by the NACo County Tech Xchange and Professional Development Academy12041:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Basic page
TestIT: How Fast is Your Broadband
NACo has partnered with the Local Initiatives Support Corporation (LISC) and the Rural Community Assistance Partnership (RCAP) to develop a mobile app designed to identify areas with low or no connectivity to help ensure adequate funding for broadband infrastructure is provided across the country.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out">
<tbody>
<tr>
<td> -
Basic page
Telecommunications & Technology Steering Committee
All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, information technology development and implementation, information technology innovation, e-governance, and geo-spatial data collection and utilization.pagepagepage<p>All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, info
-
Reports & Toolkits
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BILReports & Toolkitsdocument100710:00 amReports & Toolkits<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent jump">
<tbody>
<tr>
<td>
Contact
-
Chief Information Officer(202) 942-4248
Related Resources
-
Blog
Data sharing paramount in modern county operations
Everyone wants data. Everyone needs authoritative data. GIS is the underlying infrastructure for sharing data instantly in your county. -
Blog
How municipalities can better manage snow events
Municipalities can now tap into the smart features of RUBICONSmartCity’s platform for an entirely new Public Works category: snow removal. Using Rubicon’s simple in-cab interface and desktop portal, users can set priority streets, view all snow removal vehicles at once, provide digital turn-by-turn directions to drivers, track route progress and completion, and ensure all streets get plowed. -
Blog
FCC releases new consumer label requirements for broadband providers
On November 18, the Federal Communications Commission (FCC) released its new requirements for internet service providers (ISPs) to display consumer labels with broadband services upon the point of sale.
-
Reports & Toolkits
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BIL -
Video
Counties testify on rural broadband ahead of 2023 Farm Bill negotiations
Stearns County, Minn. Commissioner Tarryl Clark testifies before the U.S. House Agriculture Committee on rural broadband ahead of 2023 Farm Bill negotiations. -
Reports & Toolkits
Technology GIS Guide
The NACo IT Advisory Council is developing layman’s guides for county elected officials, as well as other county executive leadership to help raise the awareness and understanding of the technology that is needed to support county essential functions.
Related Events
-
22Feb2023Webinar
Executive Perspectives on Preparing for an ERP Replacement Project
Feb. 22, 2023 , 3:00 pm – 4:00 pm -
27Feb2023
-
12Jun2023
-
11Sep2023
More From
-
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BIL
Learn More