1. How do I know if my personal devices are in scope for this policy?
A. If your personal devices are used in the performance of a federal research contract, you would be in scope for this, and this policy would apply to you. Common departments that are included are: Sponsored Programs Administration, Technology Transfer, researchers performing federal research funded on contracts, Office of General Counsel, Research Security and Compliance, etc. If you are a student who is not working on a federal research contract, your personal devices are not in scope for this and this policy would not pertain to you. If you are not sure whether your personal devices are in scope for this, please reach out to your Research Security and Compliance point of contact, available at: /ums/ecas/research.
2. Federal workers often have employer-issued phones for security. Will any of the affected employees at the university have 鈥渨ork phones鈥 issued in order to comply with this policy?
A. UM System has a policy around Telephones & Communication Devices outlining when the university will pay for cell phones, service or data plans, or pagers. No changes are needed to the existing policy; the new TikTok policy will cover both employer-issued and personal cell phones and communication devices if they are used in the performance of a federal contract.
3. Can I use TikTok at all?
A. Yes! Although you may not download the actual application on the same device used in the performance of a federal contract, you can go to the TikTok website, and you may view TikTok videos embedded on other platforms like Facebook, X, etc. Additionally, if you use your cell phone in the performance of a federal contract but have a tablet that does not have your university email on it, you could still download the TikTok application to your tablet.
4. I work in a lab, and our work is funded via a federal grant. Does this apply to me?
A: No, this policy applies to those associated with federal contracts only. Grants typically help support an activity 鈥 like research or artistic endeavors 鈥 to carry out a public purpose. Contracts primarily are for services or contracts under specific parameters to create a definable work product or scope of work.
5. Does this also apply to apps that have TikTok links embedded in them, such as Reddit and Facebook? What about an employee who receives a text with a TikTok video link?
A. The prohibition outlined in this policy is specifically for the TikTok application itself. Downloading and installing the TikTok application grants additional permissions to TikTok to collect data on your device. It is permissible to link to a tiktok.com site in your browser or view an embedded video on another platform, such as Reddit or Facebook. You are only prohibited from downloading the application itself.
6. What if I am on my cell phone scrolling through an application like Facebook or X and a TikTok video is posted there? Can I watch it?
A. Yes. The policy pertains to having the TikTok application itself downloaded and installed on the device since that grants additional permissions to TikTok to view data on your device.
7. How do I know what apps are provided by ByteDance Limited?
A. Currently, the only application of concern is TikTok. If ByteDance Limited provides additional applications that fall under this policy, we will communicate that to impacted audiences and this FAQ will be updated with that information.
8. What if I don鈥檛 have university email on my phone but I do have Multi-Factor Authentication (MFA) on my phone?
A. If you have information used in the performance of a federal contract on your personal device, you would not be able to also have TikTok on that same personal device. However, if you don鈥檛 have any information used in the performance of a federal contract on your personal device and only have MFA so that you can authenticate to log into university applications on other devices, it would be acceptable to have TikTok on your personal device.
9. Does this apply to students?
A. Only if they are working on a federal contract. Currently, there is no prohibition in place for students not working in the performance of a federal contract.
10. What if I am performing research using TikTok as part of my research? For example, I鈥檓 in the field of social sciences where we are reaching out to people on Instagram, X, Facebook, TikTok, etc.?
A. To request an exception, please visit /ums/ecas/research to find your university鈥檚 contact information. Requests are reviewed by the Research Security and Compliance team.
11. I鈥檓 an IT professional supporting PeopleSoft servers. Am I prohibited from having TikTok on my phone?
A. If your cell phone is not being used in the performance of a federal contract, you can have TikTok on your cell phone.
12. Would the policy apply to consultants who are involved in proposal development and/or consultants helping in compliance on existing contracts?
A. Yes, it does. As such, an agreement with consultants should include the federal clause requiring compliance with the prohibition. Any existing agreements with consultants should be amended to ensure the federal requirement is being met. For assistance, please reach out to the Office of Procurement or the Office of General Counsel.
13. HR and Title IX teams regularly receive misconduct reports involving social media, including TikTok. Would accessing this evidence violate this policy?
A. If the employee responsible for reviewing misconduct reports involving social media also performs services in connection with a federal research award, it is recommended that they access TikTok using their browser, rather than downloading the app onto their device. Alternatively, it may be possible to use a separate device to gather necessary data. Consult with your IT support professional on approaches for conducting the review while keeping federal information off devices that contain the TikTok app.
14. The application of this policy extends not only to individuals performing research or services called for by a federal contract, but also to individuals who provide supporting services (including but not limited to business, compliance, and research security services) for the negotiation or execution of federal contracts. How far does 鈥渟upporting services鈥 extend? What about custodians performing services in a lab which is funded by a federal contract? Or employees/departments who use TikTok for marketing purposes?
A. If the custodian performing services in the lab that is funded by a federal contract and has data on his or her personal device related to his work, then he or she should not have TikTok on the device.
15. The Policy indicates that this regards any federal contract containing FAR 52.204-27 or any similar clause or requirement. What constitutes a 鈥渟imilar clause or requirement鈥?
A. Per the federal rule, all federal contracts must contain FAR 52.204-27, so if you are performing services in connection with a federal contract, this clause applies to you. The university also accepts federal grants through which a FAR clause cannot be applied. Federal grants may copy and paste the text of FAR 52.204-27 into the grant as a custom contract clause.
16. What happens if I forget to uninstall the TikTok app from my device and it is found on my phone? What are the possible disciplinary actions?
A. If you have forgotten to remove the TikTok app from your phone, please contact IT as soon possible to remove the application from your device and to ensure there was no breach of data. Any type of disciplinary actions will be handled in accordance with HR policies.
17. How will the university monitor and enforce this new policy?
A. The UM System IT teams will be ensuring compliance with this regulation on university owned and managed devices. It is your responsibility to ensure this regulation is also followed on any personal devices you use while working on a federal contract.
18. Who do I call if this policy has not been followed?
A. Please contact the Ethics and Accountability Hotline at /ums/ecas/reportingconcerns
Reviewed 2024-09-10