Uber settles federal agency charges for privacy breaches

Updated 2017-08-16 15:35:51 Xinhua

Uber Technologies, Inc. has agreed to implement a privacy program and obtain independent audits over the next 20 years to settle Federal Trade Commission (FTC) charges that it failed to protect consumer and driver data.

The FTC, an independent agency of the U.S. federal government, announced the settlement Tuesday in Washington, D.C.

One of the FTC's charges was that, due to the San Francisco-based ride-hailing company's failure to protect the data, an intruder accessed personal information about Uber drivers in May 2014, including more than 100,000 names and driver's license numbers that Uber stored in a datastore operated by Amazon Web Services.

In addition, following media reports alleging Uber employees were improperly accessing consumer data, the company stated in November 2014 that it had a "strict policy prohibiting" employees from accessing rider and driver data, except for a limited set of legitimate business purposes, and that employee access would be closely monitored.

However, the FTC found that Uber developed an automated system for monitoring employee access to consumer personal information in December 2014, but the company stopped using the system less than a year after it was put in place; and that for more than nine months afterwards, the company rarely monitored internal access to personal information about users and drivers.

The FTC alleged that Uber did not require engineers and programmers to use distinct access keys to access personal information stored in the cloud. Instead, it allowed them to use a single key that gave them full administrative access to all the data, and did not require multi-factor authentication for accessing the data. It also stored sensitive consumer information, including geolocation information, in plain readable text in database back-ups stored in the cloud.

"Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees' access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data," FTC Acting Chairman Maureen Ohlhausen was quoted as saying in a news release. "This case shows that, even if you're a fast growing company, you can't leave consumers behind: you must honor your privacy and security promises."

To settle with the FTC, Uber agreed not to misrepresent its monitoring of internal access to consumers' personal information and its protection of such data; agreed to implement a program that addresses privacy risks related to new and existing products and services and protects the privacy and confidentiality of personal information; and agreed to obtain, every two years for the next 20 years, independent third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order.
