Lacking in privacy.
Uber just admitted that it had flaws in its privacy guarantees. The ride-hailing giant agreed to settle charges from the Federal Trade Commission that it deceived customers by failing to monitor employee access to their personal information and that it failed to secure sensitive consumer data stored in the cloud.
Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data, FTC Acting Chairman Maureen K. Ohlhausen said in a statement. This case shows that, even if youre a fast-growing company, you cant leave consumers behind: you must honor your privacy and security promises.
As part of its settlement agreement, Uber will implement a new privacy program, and be regularly and independently audited every two years for the next 20 years. Uber is also prohibited from misrepresenting how it monitors internal access to consumer information and how it protects consumer data.
“We are pleased to bring the FTCs investigation to a close,” Uber said in a statement. “The complaint involved practices that date as far back as 2014. Weve significantly strengthened our privacy and data security practices since then and will continue to invest heavily in these programs. In 2015, we hired our first Chief Security Officer and now employ hundreds of trained professionals dedicated to protecting user information. This settlement provides an opportunity to work with the FTC to further verify that our programs protect user privacy and personal information.”
The allegations specifically go back to November 2014, when news reports revealed these potential privacy failures. The next month, Uber developed an automated system for monitoring employee access to consumer information, but stopped using it less than a year later, the FTC said. These breaches applied to the personal information of both Uber riders and drivers.
As for cloud security, Uber relied on Amazon Web Services. A hacker accessed personal information about 100,000 Uber drivers in May 2014, which was especially bad from the FTC’s perspective because Uber promised its customers that data was “securely stored within [its] databases.”
WATCH: Gorgeous Aurora Borealis puts on show over Scotland in timelapse video