Uber settles with New York Attorney General over privacy violations and data breach

January 12, 2016 |

Uber has settled an investigation by the New York Attorney General arising from using its app to monitor the whereabouts of passengers.  The financial penalty aspect of the settlement is quite modest, payment of $20,000.  It has to maintain proper security policies and procedures and review its policies at least bi annually.

Uber suffered a data breach in May 2014.  It did not  became aware of it, which involved its drivers personal data, until September 2014.  It did not advise the 50,000 drivers affected until February 2015.  Poor practice but not unusual.  The lag between discovery and notification is often significant.

BBC reports on the settlement in Uber pays $20,000 settlement over data claims which provides:

Uber has agreed to pay $20,000 (£13,700) and to strengthen its privacy policies to settle an investigation by New York’s attorney general.

It follows allegations that the app-based taxi company was able to monitor the whereabouts of passengers through its geolocation technology.

It also failed to report a major data breach to authorities in a timely way.

Uber said it had adopted all of the safety measures requested prior to reaching the settlement.

The investigation followed a BuzzFeed News story in 2014 that alleged one of its reporter’s rides had been tracked without her permission.

This was allegedly done through an internal company tool called “God View”, which shows the location of Uber vehicles and customers who have requested a car and which was reportedly widely available to corporate employees.

Data breach

The attorney general also said Uber had taken five months to inform its drivers about a breach involving their personal data.

The breach, which affected 50,000 drivers, occurred in May 2014 and was discovered by Uber in September 2014.

But the firm admitted it did not tell its drivers or the public until February 2015.

Uber said it had already removed all personally identifiable information of riders from its location system and undergone a privacy audit.

According to the settlement, it must also encrypt GPS-based location information and authenticate any employee accessing this data for business purposes.

An Uber spokeswoman told the Wall Street Journal the firm was “pleased to have reached an agreement”.

“We are deeply committed to protecting the privacy and personal data of riders and drivers,” she said.

It has also been reported by Cnet here.

One Response to “Uber settles with New York Attorney General over privacy violations and data breach”

  1. Uber settles with New York Attorney General over privacy violations and data breach | Australian Law Blogs

    […] Uber settles with New York Attorney General over privacy violations and data breach […]

Leave a Reply





Verified by MonsterInsights