Washington, D.C. – The revelation that ride-hailing company Uber experienced a major data breach in October 2016 and not only kept it secret from the customers and drivers who were affected but even paid the hackers to hush it up is another example of why we need better security for our personal information. While we already have state data breach notice laws, and I am confident that state authorities will act on any violations that occurred here, there should be requirements for safeguarding our personal information to deter theft, identify breaches quickly, and take the appropriate action. Furthermore, there must be strong penalties to hold companies such as Uber accountable.
That is why Consumer Federation of America supports the Consumer Privacy Protection Act of 2017, which was recently introduced by Senator Patrick Leahy. It would require companies to implement privacy and security programs to protect the sensitive personally identifiable information that they access, collect, use, transmit or store, such as driver’s license numbers, to notify affected individuals without undue delay if that data has been breached, and to provide breach victims with the appropriate identity theft prevention and mitigation services. Just as importantly, it would empower the Federal Trade Commission to issue regulations, provide for federal and state enforcement, and impose civil penalties for violations. The bill would also make it a crime to conceal a security breach under certain circumstances.
It is time for action to be taken to ensure that companies take data security seriously. This isn’t the first data breach at Uber, but it should be the last.
Contact: Jack Gillis, 202-737-0766
The Consumer Federation of America is a national organization of more than 250 nonprofit consumer groups that was founded in 1968 to advance the consumer interest through research, advocacy, and education.