Musk’s lawyer Alex Spiro, who’s guiding the authorized workforce following the billionaire’s acquisition, sought to reassure workers that they’d not go to jail if the corporate is present in violation of a Federal Trade Commission consent decree, in line with a message considered by Bloomberg.

“I understand that there have been employees at Twitter who do not even work on the FTC matter commenting that they could go to jail if we were not in compliance — that is simply not how this works,” the Quinn Emanuel Urquhart & Sullivan LLP lawyer wrote in a memo, earlier reported by Insider. “It is the company’s obligation. It is the company’s burden. It is the company’s liability.”

An data safety workforce at Twitter that oversaw sharing of consumer information with advertisers and analysis companions have been laid off after the takeover, a transfer that triggered inside considerations about vulnerability to safety threats and potential violations of FTC guidelines, in line with two individuals conversant in the matter.

The layoffs, which began November 3 and affected 50% of all Twitter workers, have contributed to a chaotic environment throughout the firm and have been adopted this week by the resignations of senior executives, together with Chief Information Security Officer Lea Kissner, Chief Privacy Officer Damien Kieran and Chief Compliance Officer Marianne Fogarty.

Spiro mentioned Twitter had spoken to the FTC and has its first compliance test upcoming. “The legal department is handling it,” he mentioned in his word.

The transfer to scrap the six-person data safety workforce was mixed with layoffs of not less than a dozen different workers engaged on safety, privateness and compliance points on the firm, the individuals mentioned. The full measurement of these groups wasn’t instantly obtainable.

The layoffs and departures are notably noteworthy at an organization that’s underneath an FTC consent decree during which it agreed to raised shield customers’ private information and likewise has to undergo common audits of its privateness and information safety techniques. Twitter has been sharply criticized by former workers for safety lapses, and in May was topic to a $130 million wonderful as a part of a settlement with the FTC and Department of Justice over information privateness.

The data safety workforce was centered on third-party danger administration and was liable for offering safety assurances to advertisers that work with Twitter and share information with the corporate, in line with the 2 individuals conversant in the matter, who spoke on situation of anonymity as they aren’t licensed to debate the scenario publicly.

The workforce additionally monitored Twitter’s sharing of consumer information with dozens of economic companions and analysis organizations, a few of whom have entry to a programming interface that can be utilized to view delicate private details about Twitter customers, equivalent to location information, IP addresses and distinctive system identification codes, the individuals mentioned.

“The people at Twitter doing the checks on that access are simply not there anymore,” one of many individuals mentioned, including that the privateness and safety of consumer information has been put in danger because of this.

The work carried out by the laid off data safety workforce was partly supposed to make sure compliance with a consent decree issued by the FTC in March 2011, in line with the individuals. The decree, efficient till 2042, ordered that Twitter should set up and preserve “a comprehensive information security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of non-public consumer information.” Violations of the decree may end up in massive fines.

On Thursday, a frontrunner on Twitter’s authorized workforce circulated an inside word that warned workers the corporate would, going ahead, ask engineers to self-certify compliance with FTC necessities, in line with a memo considered by Bloomberg.

“This will put huge amount of personal, professional and legal risk onto engineers,” wrote the unnamed member of the authorized workforce. “I anticipate that all of you will be pressured by management into pushing out changes that will likely lead to major incidents.”

In a press release, the FTC wrote it was monitoring current developments at Twitter with “deep concern.” The company added that no CEO or firm is “above the law,” and corporations should observe consent decrees.

Twitter’s cybersecurity insurance policies have beforehand confronted criticism after high-profile information breaches. In 2014 and 2015, Saudi Arabia recruited spies inside the corporate and used them to acquire data on dissidents working on the platform anonymously, in line with U.S. prosecutors. In 2020, a teen from Florida was charged for compromising the accounts of distinguished individuals, together with Musk and US President Joe Biden, and utilizing them to advertise a cryptocurrency rip-off.

In September, Peiter Zatko, Twitter’s former head of safety who is named “Mudge,” informed the Senate Judiciary Committee that the corporate had poor safety practices, which made it susceptible to “teenagers, thieves and spies.” He mentioned that Twitter’s management had “ignored its engineers” partially as a result of “their executive incentives led them to prioritize profit over security.”

While uncommon, there have been cases of private legal responsibility for executives at firms from safety breaches. Former Uber safety head Joe Sullivan was discovered responsible in San Francisco federal court docket in a case that stemmed from a 2016 hack — particulars of which he tried to maintain hidden. Part of the fees in opposition to Sullivan associated to the truth that Uber is underneath an order with the FTC and required to reveal breaches.