To settle a probe into its privacy practices by New York’s attorney general, Uber has agreed to pay a fine of $20,000 as well as reevaluate how its handles sensitive user data, The Wall Street Journal reported Thursday (Jan. 7).
The case was brought against the ride-sharing company after a senior executive at Uber made comments alluding to the company’s ability to tap into the troves of data to find out the locations of specific riders and possibly use that information against them. It was later disclosed that also in 2014 the data of roughly 50,000 drivers was impacted in a security breach.
The comments, coupled with the car-hailing service company’s decision to wait five months after learning of the breach to notify drivers that their information was compromised, sparked major concerns about how the company was handling the data entrusted to them.
A spokeswoman for Uber told WSJ all of the privacy measures laid out by the attorney general were met by the company before the settlement was reached. The requested actions included performing a privacy audit as well as reducing the access Uber employees have to the sensitive personal information of riders.
“We are deeply committed to protecting the privacy and personal data of riders and drivers,” the Uber spokeswoman said in an emailed statement to WSJ. She also noted that Uber is “pleased to have reached an agreement” on the case.
According to WSJ, the settlement makes Uber legally bound to certain security requirements that are intended to keep user data safeguarded, such as authenticating employees who access sensitive user information and encrypting GPS-based location data.