The Federal Trade Commission ("FTC") provided final approval to a settlement with Uber Technologies, Inc. ("Uber") concerning allegations that the company deceived customers about its privacy and data security practices and failed to secure consumer data.
As previously covered, the FTC alleged that Uber failed to disclose a significant breach of customer data that occurred in 2016 while the company was still in negotiation with regulators regarding its mishandling of a still-earlier data breach incident from 2014. Under the expanded settlement, Uber will be required to (i) submit all reports regarding third-party audits of its privacy program and (ii) retain records concerning its "bug bounty" reports on vulnerabilities for unauthorized access to consumer data. Uber could also be subject to civil penalties if it fails to notify the FTC of future incidents involving unauthorized access to consumer information.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
