Topics: Uber
|
Agency: Federal Trade Commission
Date: 26 October 2018 |
In its complaint, the FTC alleged that Uber failed to monitor employee access to consumers’ personal information on an ongoing basis and to reasonably secure sensitive consumer data it stored in the cloud. As a result of its failure to take reasonable measures to secure both rider and driver data, the company suffered two breaches. The first breach occurred in or about May 2014 when an intruder gained access to personal information about Uber drivers. Uber suffered a second, larger breach of drivers’ and riders’ data in October-November 2016, and failed to disclose that breach to consumers or the FTC for more than a year, despite being the subject of an ongoing FTC investigation of its data security practices during that time.
Following the second data breach, the FTC negotiated an expanded and revised settlement with Uber. Under the final settlement, Uber could be subject to civil penalties if it fails to notify the FTC of certain future incidents involving unauthorized access to consumer information, which includes both driver and rider information. The company is also prohibited from misrepresenting how it monitors internal access to consumers’ personal information and the extent to which it protects the privacy, confidentiality, security, and integrity of personal information. In addition, Uber must implement a comprehensive privacy program and for 20 years obtain biennial independent, third-party assessments, which it must submit to the Commission, certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order.
The FTC received three comments on the revised settlement with Uber. The Commission voted 4-0-1 to approve the final complaint and order as well as responses to the three commenters. Commissioner Christine S. Wilson did not participate. Commissioners Rohit Chopra and Rebecca Kelly Slaughter issued separate statements.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.
STAFF CONTACT:
Ben Rossen
Bureau of Consumer Protection
202-326-3679
James Trilling
Bureau of Consumer Protection
202-326-3497