The federal scrutiny has added to the pressures on Uber, a company that has undergone several public business crises in recent months, including the ouster of its chief executive, Travis Kalanick, an employee exodus and lawsuits from a competitor and an investor.
In the privacy case, the F.T.C. accused Uber of two violations. The first stemmed from the company’s announcement in 2014 that it had developed an automated system to monitor employee access to consumer personal information.
The extra privacy measures were announced in response to news reports that some Uber employees were using a tool known as “God View” to track trips taken by users. On its website and in a statement, Uber announced that it had “a strict policy prohibiting all employees at every level from accessing a rider or driver’s data.” It said, “The only exception to this policy is for a limited set of legitimate business purposes.”
But the commission said it found that the company did not live up to that promise. In its complaint, the commission said that Uber stopped using its automated system of monitoring employee access to information less than a year after it was announced and that when it was in place, the company rarely monitored it.
“The system was not designed or staffed to effectively handle ongoing review of access to data,” the commission said.
The F.T.C. also said that Uber had not done enough to protect consumer data stored with a third-party cloud vendor, Amazon Web Services. Uber’s lax practices led an intruder to access the personal information, including names, drivers licenses and some banking and social security numbers of 100,000 Uber drivers.
Uber said it strengthened its privacy and security measures in recent years.
“We’ve significantly strengthened our privacy and data security practices since then and will continue to invest heavily in these programs,” the company said in a statement.
Continue reading the main story