Uber Ordered To Pay $20K To Settle New York Data Breach And 'GodView' Probe

Uber, the cab-hailing company, has settled two investigations that the New York Attorney General's office was pursuing against it. The settlement was announced by Eric Schneiderman, New York's Attorney General, Thursday. These investigations had subjected Uber's data protection policies and practices to a lot of scrutiny. The terms of the settlement include a fine of $20,000 as well as an undertaking by Uber to overhaul its data security processes.

The announcement brings an end to two investigations that had been ongoing for nearly 14 months now. The first related to a data breach that took place last September in which the Personally Identifiable Information (PII) of nearly 50,000 drivers was compromised and accessed illegally. Under New York law, such breaches are required to be reported "in the most expedient time possible and without unreasonable delay." However, Uber informed the Attorney General's office five months after the original incident had taken place, according to CNET.

The second case the Attorney General's office was investigating related to a report by BuzzFeed that claimed Google used a "GodView" of its cabs, drivers and riders to execute its operations. This view also displayed some PII relating to drivers and riders on a grid indicating the location of these parties on a map. The second investigation was looking at whether the display and use of PII was in breach of applicable data protection law and principles, according to BuzzFeed News.

The settlement with the Attorney General's office imposed a fine of $20,000 for the delay of five months between the time the data breach (relating to the PII of the 50,000 drivers) occurred and the time it was actually communicated externally to the people affected. Regarding the internal use and processing of the PII of drivers and riders internally (the "GodView" probe), Uber undertook measurements to strengthen its internal policies on data protection, encrypt PII and permit only those with "a need to know" to access such sensitive data, according to Bank Info Security.

Tags
Uber, Data Breach, New York, Attorney general, Drivers
Real Time Analytics