In a report from The Telegraph , of the 57 million, 600,000 drivers were affected, with their names and licence details downloaded by the hackers in the cyber attack. Uber said outside forensics "have not seen any indication that trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth were downloaded".
Uber did not notify individuals or regulators last year at the time of the breach, in October, despite having been in talks with US regulators over separate claims of privacy violations.
Instead of reporting the hack, it said it took immediate steps to secure the data and shut down further unauthorised access by those individuals. The company paid the hackers £75,000 to delete the stolen data.
Dara Khosrowshahi who was appointed as CEO in September recently said in a statement "You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it…None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,"
Uber’s chief security officer, Joe Sullivan, and one of his deputies have been fired for their roles in covering up the breach.
CIPP comment GDPR (General Data Protection Regulation) should be on the radar of all businesses – it comes in to force on 25 May 2018 and applies to all EU and foreign companies that offer services to individuals in the EU (regardless of what happens with the Brexit negotiations). This report about Uber acts as a timely reminder - sanctions for non-reporting of a data breach under GDPR are steep – up to approximately £7m or 2% of global turnover, whichever is greater.
The CIPP’s Policy News Journal (a benefit for members only) contains all the latest information on GDPR – go to My CIPP on our website to access the journal.
The CIPP also run a half day training course which will help delegates understand and prepare for the changes, including how they affect payroll and HR functions, so that they can help their organisations become fully compliant by May 2018.
Back to Contents
General Data Protection Regulation (GDPR) 26 January 2018
New research has revealed that 82 percent of European consumers plan to exercise their new rights under GDPR to view, limit, or erase the information businesses collect about them.
Among the seven EU countries surveyed (UK, France, Germany, Spain, Sweden, Italy, and The Netherlands), the top three nationalities most likely to use their GDPR rights are Italy, Spain and France. UK residents were the least likely to act on GDPR, however at 74 percent, this still represents a significant majority of the country. Global Newswire has reported on a new global study released by Pegasystems Inc. where more than 7,000 consumers in seven EU countries were surveyed to help businesses anticipate how frequently their customers plan to use their newfound rights come 25 May 2018, when the EU General Data Protection Regulation (GDPR) comes into force. The research shows that while awareness of GDPR itself is low today, consumers are overwhelmingly interested in querying companies that hold their personal information. For example, 90 percent want direct control over how companies use their data, while 89 percent want to see the data companies store on them.
However, only 21 percent know what GDPR is or what it will enable them to do, indicating that widespread consumer action may be delayed until more awareness of these rights reaches the mainstream.
Among the many new rights that GDPR will grant consumers, they view the ‘right to access’ as the most critical. According to the survey, nearly half (47 percent) identified the ability to simply see the data companies possess on them as the most important right. The top three new GDPR empowerments in the minds of consumers are:
The Chartered Institute of Payroll Professionals
Policy News Journal
cipp.org.uk
Page 54 of 516
Made with FlippingBook - Online magazine maker