I’m not seeing any press release from NYS Attorney General Schneiderman’s office yet, but Kenneth Lovett of the NY Daily News reports that Uber has settled two probes stemming from both its “God View” privacy breach scandal and delayed notification of a breach involving drivers’ information.
In addition to paying the $20,000 fine to settle both probes, Uber, whose latest valuation was $62.5 billion, voluntarily agreed to comply with a number of provisions, according to a source who read the agreement.
[…]
Uber also agreed to encrypt rider geo-location information and adopt “multi-factor authentication” that would be required before an employee could access riders’ personal information.
In addition, the company formally agreed to conduct annual privacy and security training for employees, designate someone to supervise a privacy and security program, and maintain reasonable security practices, the source said.
Read more on the NY Daily News.
Attorney General Schneiderman seems to be going lightly with monetary penalties. His recent settlement with U. of Rochester over another breach involved a $15,000 penalty. It looks like he’s trying to make a point and is more focused on correction rather than punitive measures.
This post originally appeared on DataBreaches.net.