Uber is expanding the proposed settlement it made with the Federal Trade Commission (FTC) last August pertaining to data mishandling, privacy and security complaints that date back to 2014 and 2015. In August, Uber agreed to 20 years of privacy audits, reported SCmedia.
That proposed settlement happened prior to Uber’s disclosure of the massive 2016 data breach that affected some 57 million riders and drivers. Now, Uber will be subject to “additional requirements,” according to the FTC.
“After misleading consumers about its privacy and security practices, Uber compounded its misconduct by failing to inform the Commission that it suffered another data breach in 2016 while the Commission was investigating the company’s strikingly similar 2014 breach,” Acting FTC Chairman Maureen K. Ohlhausen said in a statement. “The strengthened provisions of the expanded settlement are designed to ensure that Uber does not engage in similar misconduct in the future.”
As part of the revised settlement, Uber may be subject to civil penalties if it fails to notify the FTC of future privacy breaches. Uber must also submit all third-party audits of the company’s privacy program, as well as retain records pertaining to bug bounty programs that relate to unauthorized access to consumer data.