FTC Approves Settlement Relating to Data Breach

The Federal Trade Commission ("FTC") provided final approval to a settlement with Uber Technologies, Inc. ("Uber") concerning allegations that the company deceived customers about its privacy and data security practices and failed to secure consumer data.

As previously covered, the FTC alleged that Uber failed to disclose a significant breach of customer data that occurred in 2016 while the company was still in negotiation with regulators regarding its mishandling of a still-earlier data breach incident from 2014. Under the expanded settlement, Uber will be required to (i) submit all reports regarding third-party audits of its privacy program and (ii) retain records concerning its "bug bounty" reports on vulnerabilities for unauthorized access to consumer data. Uber could also be subject to civil penalties if it fails to notify the FTC of future incidents involving unauthorized access to consumer information.

Commentary

The final approval of the revised settlement should be another reminder of the importance of implementing measures to secure sensitive information, as well as identifying and adequately disclosing cyber incidents when they unfortunately occur.

Premium Content

Available only to Premium subscribers.

 

Tags