On January 6, 2016, the New York State Attorney General’s office announced a settlement reached with Uber Technologies, Inc. (“Uber”). Uber owns and operates a mobile application platform that allows riders to connect with Uber drivers through use of their mobile phones. A series of reports by the online journal BuzzFeed reported on Uber’s “god view,” a tool which tracks and shows an aerial view of all passengers and drivers in a particular area. An employee of Uber used the “god view” tool to track and meet a well-known BuzzFeed writer. The employee subsequently admitted to using the “god view” tool to keep logs of the reporter’s Uber trips and track her movements.

The New York State Attorney General’s office launched a 14-month long investigation involving Uber’s “god view” application, and also investigated reports of a September 2014 data breach where Uber driver names and driver’s license numbers were accessed by an unauthorized third party. The investigations concluded with the announcement of this week’s settlement. The terms of the settlement, according to the New York State Attorney General, will “enhance rider privacy” in the future.

How Will Uber’s Settlement with the NY State Attorney General affect the “God View” app?

Uber Settles “God View” dispute with New York Attorney General

Pursuant to the terms of the settlement reached with the New York State Attorney General, Uber is required to encrypt rider geo-location information, adopt multi-factor authentication before any employee may access especially sensitive rider personal information, as well as other industry leading data security practices. At least one or more Uber employees will now be required to coordinate and supervise Uber’s new privacy and security program. Uber will also now conduct annual employee training to inform those responsible for handling customer sensitive information about Uber’s data security practices.

In addition to the foregoing, Uber must create a separate section in its consumer-facing privacy policy describing its policies concerning the collection, use and sharing of location information collected from riders. Uber will also be required to pay the New York State Attorney General a penalty fee of $20,000.00 for failure to provide timely notice to drivers and the Attorney General’s office about the September 2014 data breach.

Protect Yourself

Federal and state regulators strongly scrutinize policies concerning the collection, use and sharing of consumer sensitive information. Today’s businesses must conduct regular reviews of their consumer data privacy protocols and maintain up to date consumer-facing privacy policies.