From Data Breach to Data Privacy: Uber’s Wild Ride

Uber hired two new senior-level, privacy-specific staff on July 18, after a tumultuous two years of legal woes regarding a 2016 data breach — the latest effort on the part of the ubiquitous tech startup to convince consumers they’re committed to protecting their personal data.

Uber’s chief legal officer, Tony West, announced the hires — Reby Zefo and Simon Hania — to employees in a July 18 internal email obtained by DMN. Zefo, coming from a similar role at Intel, will join the team as Uber’s first-ever Chief Privacy Officer — filling a “critical global role” in which she’ll develop and implement “privacy standards, procedures, and processes.” Hania is joining as Data Protection Officer — a GDPR-specific role for Uber’s European markets.

C-level roles handling data privacy are nothing new — especially in the tech industry. What’s significant is how the positions fit into Uber’s long-term plans after a rocky couple of years.

In April, the company settled a case stemming from an investigation by the Federal Trade Commission (FTC) alleging that Uber misled customers about a 2016 data breach concerning some 57 million customers’ private information (that breach wasn’t made public until late 2017, when Uber revealed that it paid the hackers $100,000 to destroy the data). The two new privacy hires followed Uber’s internal investigation into why the company didn’t alert authorities or consumers — and some data analysts were somewhat surprised that Uber wasn’t the subject of more public pressure to act sooner.

Brian Byer VP, content and commerce practice lead, Blue Fountain Media, said that there is certainly consumer interest in the proper handling of data, if not a whole lot of wherewithal to do anything about it.

“There is pent-up consumer demand for holders of big data to behave correctly,” he said, but “for the most part I think people tend to just go about their merry way and aren’t concerned until there’s an issue.”

A May 2018 survey by Blue Fountain Media, a New York-based digital marketing firm, which surveyed more than 1,000 18- to 44-year-olds, seems to suggest that consumers feel hopeless in the face of massive data breaches. Despite 81 percent of the U.S. population having social networking profiles, the survey found just four percent trust social media sites with their personal information (only three percent trust search engines). Nearly two-thirds of those polled download apps without reading the terms and conditions — and if they discovered their favorite app tracked their whereabouts, only 33 percent of those surveyed said they would stop using it.

So, what’s a brand like Uber to do? Well, it seemingly can do whatever it wants.

“They’re the ones liable for the risk because they’re going to be the ones that are having to provide all of the protections to the consumer,” Byer said. “And I think that’s why these types of hires are important — not just from a PR standpoint. The reality is that these types of security breaches just aren’t gonna go away.”

Particularly with respect to Hania’s hire, Byer said, GDPR compliance is going to be absolutely critical.

“GDPR and the regulations that the E.U. has put in place have had a ripple on effect globally — especially amongst our clients with anybody that either does business or has website traffic from outside the U.S.,” he said. “They really need to ensure that they have expertise to maintain compliance with these regulations because the fines are just potentially tremendous for not complying.” 

Uber’s multi-billion dollar brand has the resources to hand pick top security officials to that end. But for smaller organizations, Byer said, it doesn’t make sense, but there are other ways to be proactive.

“There exists in the world platforms and outside counsel that you can use in combination to affect enough compliance that you’re gonna at least diminish your risk to an acceptable level,” he said.

Still, though, Chief Privacy and Data Protection Officers are nothing new, Byer said. Most of the veteran technology players have known this for quite some time. A 2014 IBM-commissioned report claimed that “as executives witness data’s proven impact on performance and innovation and recognize its strategic significance, they also realize the growing need for a leader whose primary role is to understand and advocate on behalf of data.”

Daniel Hughes, a chief data officer at Publicis Groupe, a French communication services provider, stressed the need for brands to understand why they are hiring data- and privacy-specific in a June 2017 blog post on Medium.

“Effective data governance and compliance with data privacy regulations are a serious responsibility that is worthy of a C-level title and significant investment,” Hughes wrote. “ … But unfortunately staying out of trouble is not a strategy for winning in the marketplace. Instead, companies are better served by viewing the CDO role as a strategic position with the potential to create vast differentiation for the business as a whole.”

This story was updated on July 30 at 12:09 p.m.

Related Posts