Uber covered up a data breach in 2016 that affected the privacy of 1.2 million Australians; as a result, the Australian Privacy Commissioner has ordered Uber to comply with Australian Privacy Principles.
In October and November 2016, hackers stole the data of over 57 million people worldwide from Uber's database. Acting out of self-interest, Uber concealed this data breach and did not inform its customers.
- Protect the personal data of 1.2 million Australians.
- Notify those impacted.
- Conduct an assessment of the personal information accessed.
- Comply with the Privacy Act 1988 (APA) and several Australian Privacy Principles (APP) requirements.
Further, Falk said Uber concealed the breach for over 12 months and paid the hackers for their silence.
Falk ordered Uber to:
- Review and report on AAP policies and programs.
- Submit the reports to the Office of the Australian Information Commissioner, and make the recommended changes.
Falk requested that Uber:
- Prepare data retention and destruction policy.
- Establish an information security program and an individual to run it.
- Implement an incident response plan to data breaches.
- Conduct an independent assessment of Uber's adherence to the APA.
Learn more about how Uber failed to inform their customers that the customer's data had been compromised.