News & Knowledge

Add to Portfolio

VLP Partner Melissa Krasnow Quoted in Wall Street Journal Article “What Companies Can Learn From Uber’s Privacy Mistakes”

Posted on Aug 22, 2017 in News by Melissa Krasnow

VLP Partner Melissa Krasnow was quoted in the article “What Companies Can Learn From Uber’s Privacy Mistakes,” in The Wall Street Journal Pro Cybersecurity Newsletter.

The article noted that the U.S. Federal Trade Commission’s (FTC) announcement that Uber Technologies Inc. agreed to settle allegations that it failed to protect sensitive consumer data is just the latest warning that companies need to pay closer attention to cloud security and the collection of geolocation information.

The article reported that the FTC investigation started in 2014 after it was alleged that Uber employees were improperly accessing customer information in several situations, including through an internal tool called “God view” that allowed employees to view the location of specific users. The article also reported that the FTC investigation revealed a data breach that involved the personal information of more than 100,000 Uber drivers. The FTC said that breach resulted from inadequate cloud storage and security practices.

The article noted that the data breach highlighted in the FTC complaint illustrated how a number of low-cost stopgaps could have prevented an incident that exposed thousands of names, drivers’ license numbers, bank account details, physical addresses, and social security numbers.

Ms. Krasnow said, “It highlights the need for access control measures–this is a very important topic when you have large amounts of data collected, stored, and transferred.”

The article also pointed out that another key takeaway from Uber’s settlement is that companies that track the location of consumers will likely have their security practices scrutinized by regulators.

Ms. Krasnow noted: “The complaint mentioned geolocation eight times–this is part of a broader enforcement action. This will be a warning call for companies to look at their privacy policies and check if their geolocation information is adequately disclosed.”

She added, “FTC guidance makes it very clear that geolocation is sensitive information–whether companies understand this is another question.”