FTC & Uber: Compromise in the matter of Uber's data protection policy
Federal Trade Commission, 15.8.2017The FTC alleged Uber to misrepresent the extent to which its employees had access to information about riders and drivers and the monitoring of this access. Furthermore, the FTC puts forward that in its opinion sensitive personal data Uber stored on a third-party cloud provider's server is not securely locked down. Although Uber had the possibility to adopt suitable measures, the data were easy of access and private information was stored in plain readable text in the cloud, which ended up in a hacker attack in 2014 with 100,000 names and drivers licenses numbers uncovered.
The background
As allegations had come up in 2014, Uber stated to have strict regulations concerning its employees' access to user data and reasonable security measures to prevent unauthorized access. Nevertheless, it only used its automated access monitoring system for less then a year.
The agreement
According to the FTC's report, Uber is now prohibited to misrepresent how it monitors the employees' access to consumer data and how it protects and secures the data. In addition, Uber agreed to launch a comprehensive privacy program that addresses privacy risks related to new and existing products and services and guarantees the privacy of all personal data collected. Moreover, the company will implement regular third-party audits certifying the privacy program.
Links:
Click here to read the FTC's press release.