CNBC reported earlier this afternoon that Uber has agreed to privacy audits for the next 20 years and will be implementing a new privacy program as part of the settlement. The ride-hailing start-up stopped using an automated system for monitoring employee access to consumer data after less than a year, the FTC said. More than 100,000 names and driver’s license numbers were stolen in a 2014 data breach of Uber’s database, operated by Amazon Web Services. Malcolm Harkins, Chief Security and Trust Officer at Cylance commented below.
Malcolm Harkins, Chief Security and Trust Officer at Cylance:
“In the age of digital business and increasing cyber risk, it’s critical for senior executives and boards to put the building of trust at the top of the priorities list. Trust is a function of two things: competence and character. While I respect the work of Uber’s more recent executive hires, this settlement may be an indication of things that were lacking to deliver that trust earlier in Uber’s history. Not only for security, but for privacy, all organisations should have a set of principles in place to guide the placement of the anchor points for security and privacy to deliver trust. Equally important is the right governance model to oversee the evolution of trust throughout the company.”