According to word on the street, the work of two key teams that Twitter Inc. relied on to comply with regulators abruptly stopped amid a rash of layoffs, resignations and firings. That puts the social media giant at risk of investigations and hefty fines.

The latest departures heighten concerns that a staff exodus following Elon Musk’s takeover will undermine the company’s ability to comply with rules intended to protect users’ data.

A data governance committee that had overseen Twitter’s compliance with a Federal Trade Commission consent decree ceased to exist after two of its members were fired and three others resigned.

Under the consent decree, Twitter agreed to better protect users’ personal data.

The committee was formed in November 2021 and was responsible for overseeing decisions on how user data was collected, accessed and disclosed.

The committee also managed internal compliance with Twitter’s privacy policy.

Overall, more than 100 people working on security and privacy teams have left the company since Musk took charge at Twitter in October. That has halved the number of personnel who were responsible for protecting Twitter’s infrastructure from cyberattacks and data breaches.

Twitter’s main EU privacy watchdog pointed out that it was ‘very concerned’ about the ability of Twitter to abide by EU laws. The Irish watchdog said that it had been in almost daily contact with Twitter’s Dublin office after the departure of staff in recent weeks sparked safeguarding fears.

Last month, Twitter’s chief information security officer, chief privacy officer and chief compliance officer resigned. Twitter subsequently appointed Renato Monteiro as its interim data protection officer. Monteiro, who is based in Dublin, formerly served as the company’s data protection counsel for Latin America. However, Monteiro has had little involvement with product engineering and development teams in the US since his appointment.

Individual staff at the company were responsible for maintenance of the standards, which, among other things, ensure that the company is correctly encrypting user data to keep it secure. Compliance with the standards is independently assessed on a biannual basis to ensure the company is meeting the requirements of the FTC’s consent decree.
The FTC has said that it was following developments at Twitter with “deep concern.”
Data watchdogs in Europe saw their powers increased overnight in May 2018, when the GDPR took effect and gave them the power to levy fines of as much as 4% of a company’s annual sales.

The dearth of staff has also meant that the company doesn’t have enough personnel to oversee the maintenance of about 400 different information security standards, known as ISOs.