On September 26, attorneys general from all 50 states and the District of Columbia announced a $148 million settlement with a ride-sharing company to address the company's one-year delay in reporting a data breach. The company learned in November 2016 that hackers had gained access to some personal information of about 57 million riders and drivers, including drivers' license information of approximately 600,000 drivers nationwide, but the company did not notify the affected individuals pursuant to state laws until November 2017. The settlement also requires the company to implement certain data security safeguards, incorporate privacy-by-design into its products, and hire a third-party company to audit its data security practices.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.