Uber To Pay $20,000 Penalty Over Data Breach In 2014

Updated on

Uber agreed to settle the investigations of the New York Attorney General’s Office regarding its collection, disclosure, and maintenance or rider’s location.

The Attorney General’s Office launched an investigation against Uber in late November 2014 amid reports that it has access to riders’ locations, and it displayed the information in an aerial view, which was called internally as “God View.”

On February 26, 2015, the ride-sharing start-up informed the Attorney General Eric Schneiderman about a data breach. Uber said an unauthorized third-party accessed the names and license numbers of its drivers. The Attorney General’s office also investigated the matter.

Uber settlement agreement

Attorney General Schneiderman announced that Uber reached a settlement agreement with his office.

The ride-sharing app agreed to improve its rider privacy by adopting the best data security protection practices. Uber agreed to pay a penalty of $20,000 for its failure to inform drivers and the Office of New York Attorney General Eric Schneiderman in a timely manner about the data breach in September 2014.

The Attorney General’s office required Ube to encrypt its geo-location information, adopt multi-factor authentication, and other leading data security practices.

Uber has also agreed to limit access to geo-location information to designated employees with legitimate business purpose. It would implement the limitation through technical access controls, and a formalized authorization and approval process.

It will assign one or more employees to coordinate and supervise its privacy and security program. Annual employee training will be conducted, and it will identify the responsible persons handling private information regarding its data security practices.

Uber will also adopt protective technologies to access, store and transfer private information and credentials and perform regular assessments of the effectiveness of its internal controls and procedures related to the security of private information and geo-location information and update such controls.

It will also maintain a separate section describing its procedures regarding the collected location information from riders under its consumer-facing privacy policy.

Settlement protects Uber drivers from potential abuse

In a statement, Attorney General Schneiderman said the settlement protects the personal information of Uber riders from possible abuses by staff and executives of the company.

“We are committed to protecting the privacy of consumers and customers of any product in New York State, as well as that of employees of any company operating here. I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers’ and employees’ private information,” said Schneiderman.

Leave a Comment