Uber submits to privacy audits for 20 years

Ride-hailing firm agrees to measures to settle FTC privacy complaints

Uber is to face 20 years of privacy audits after settling Federal Trade Commission (FTC) complaints that it deceived customers and didn't protect their personal data securely enough.

The ride-hailing firm has agreed to roll out a privacy programme that tackles any privacy risks to Uber's services, and protects people's personal information, as well as subjecting itself to a third-party audit every two years for the next 20 years.

It comes after alleged privacy breaches dating back to 2014 that led the FTC to file two complaints with the company.

"Uber failed consumers in two key ways: first by misrepresenting the extent to which it monitored its employees' access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data," said the FTC's acting chairman, Maureen Ohlhausen.

The FTC claims Uber allowed its employees to access personal customer and driver records after it decided to stop using a self-developed solution that monitored employee access to its customers' data. The monitoring platform was only in operation for less than a year and after it terminated the use, it didn't introduce any other process to monitor access.

Although at the time, Uber said its data was securely stored in its database, it has since transpired this wasn't the case and it actually failed to provide any kind of system that prevented unauthorised access to customers' confidential information.

Responding to media reports that Uber employees were improperly accessing customer data, Uber issued a statement in November 2014 saying a "strict policy" forbade such access to customer and driver information except for certain business purposes, and that their access would be closely monitored.

The following month it developed an automated system to monitor employee access to customer data, but the FTC claimed it stopped using this system less than a year later, and rarely monitored access for nine months afterwards.

Meanwhile, the FTC also claimed that while Uber said people's data was "securely stored within our databases", its security measures did not prevent unauthorised access to databases stored in Amazon Web Services' cloud. That allegedly enabled an intruder to steal 100,000 names and driver's license numbers from Uber's database in May 2014.

"This case shows that, even if you're a fast growing company, you can't leave consumers behind: you must honour your privacy and security promises," Ohlhausen said.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

'Robin Hood' hackers donate stolen Bitcoin to charity
ransomware

'Robin Hood' hackers donate stolen Bitcoin to charity

21 Oct 2020
Mobile browser flaw exposes users to spoofing attacks
Security

Mobile browser flaw exposes users to spoofing attacks

21 Oct 2020
Lumen's digital portal simplifies the ordering of IT solutions
Business strategy

Lumen's digital portal simplifies the ordering of IT solutions

20 Oct 2020
US charges six Russians behind NotPetya and Olympics hacks
Security

US charges six Russians behind NotPetya and Olympics hacks

20 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020