Uber submits to privacy audits for 20 years

Ride-hailing firm agrees to measures to settle FTC privacy complaints

Uber is to face 20 years of privacy audits after settling Federal Trade Commission (FTC) complaints that it deceived customers and didn't protect their personal data securely enough.

The ride-hailing firm has agreed to roll out a privacy programme that tackles any privacy risks to Uber's services, and protects people's personal information, as well as subjecting itself to a third-party audit every two years for the next 20 years.

It comes after alleged privacy breaches dating back to 2014 that led the FTC to file two complaints with the company.

"Uber failed consumers in two key ways: first by misrepresenting the extent to which it monitored its employees' access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data," said the FTC's acting chairman, Maureen Ohlhausen.

The FTC claims Uber allowed its employees to access personal customer and driver records after it decided to stop using a self-developed solution that monitored employee access to its customers' data. The monitoring platform was only in operation for less than a year and after it terminated the use, it didn't introduce any other process to monitor access.

Although at the time, Uber said its data was securely stored in its database, it has since transpired this wasn't the case and it actually failed to provide any kind of system that prevented unauthorised access to customers' confidential information.

Responding to media reports that Uber employees were improperly accessing customer data, Uber issued a statement in November 2014 saying a "strict policy" forbade such access to customer and driver information except for certain business purposes, and that their access would be closely monitored.

The following month it developed an automated system to monitor employee access to customer data, but the FTC claimed it stopped using this system less than a year later, and rarely monitored access for nine months afterwards.

Meanwhile, the FTC also claimed that while Uber said people's data was "securely stored within our databases", its security measures did not prevent unauthorised access to databases stored in Amazon Web Services' cloud. That allegedly enabled an intruder to steal 100,000 names and driver's license numbers from Uber's database in May 2014.

"This case shows that, even if you're a fast growing company, you can't leave consumers behind: you must honour your privacy and security promises," Ohlhausen said.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Court orders Uber and Lyft to consider drivers as employees
IT regulation

Court orders Uber and Lyft to consider drivers as employees

11 Aug 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
Uber launches contact-tracing service for public health officials
communications

Uber launches contact-tracing service for public health officials

20 Jul 2020
Uber reportedly in talks to buy Postmates in $2.6 billion deal
Acquisition

Uber reportedly in talks to buy Postmates in $2.6 billion deal

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020