Uber Moves to Better Protect That Trove of Customer Data It Collects


Ride service Uber has been slowly maturing in its privacy and data security practices and is now moving to expand its workforce dedicated to safeguarding customer and company information. Looking for a job as a security applications team member? Uber is accepting applications.

Uber’s privacy and security childhood hasn’t always been smooth.

In 2014 as a five-year old, Uber collected customer geolocation and other data in ways that some thought weren’t cool and threatened to retaliate against journalists who wrote bad things about the company. 

But facing increased scrutiny about its privacy practices, Uber hired law firm Hogan Lovells US LLP to check out how the company collected and used customer data. In January 2015, the firm reported that Uber should expand its privacy program to improve disclosures, training and employee accountability.

So the company released a new privacy policy that more clearly notified customers that it can pretty much track everything they do while using the Uber application. But stronger notice of its practices wasn’t enough for the Electronic Privacy Information Center. EPIC complained to the Federal Trade Commission that Uber shouldn't be allowed to track customers when they aren't actually using its ride-sharing app.

Regardless of what data Uber is collecting, it would be a good thing to keep customer and company information safe from hackers, right? In February, the company revealed that cybercriminals had compromised its database resulting in the possible theft of information on 50,000 of its drivers.

Then in April, Uber hired former cybercrime prosecutor and Facebook Inc. security leader Joe Sullivan as chief security officer. The company is reportedly looking to expand its in-house security team from 25 to 100 members by the end of 2015.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.