Protecting personal data and privacy is foundational to the trust between Uber and our riders. To ensure that foundation remains strong, two months ago we embarked on a comprehensive review of our Privacy Program. We enlisted outside experts from the global law firm Hogan Lovells to thoroughly examine how we safeguard rider data, and we’d like to share their findings with you today.
The review was led by Harriet Pearson, who is widely acknowledged as one of the foremost experts on data privacy. Ms. Pearson and her team spent 6 weeks reviewing documents and interviewing members of Uber’s executive team and leaders across the entire company. The review was comprehensive and found that overall our Privacy Program is strong.
“Uber has dedicated significantly more resources to privacy than we have observed of other companies of its age, sector, and size.”
While Uber is encouraged by these findings, we fully acknowledge that we haven’t always gotten it right. Uber grew rapidly in the past two years from a small local company to a large global one. As part of that transformation, we began a comprehensive process to shore up our privacy program last summer. The hiring of Katherine Tassi, our Managing Counsel for Privacy, in August of 2014 was a critical step in bringing focus and leadership to these efforts.
Our approach is to constantly review and iterate on our policies, processes and technology so that we ultimately become a leader in the area of privacy and data protection. We believe this report card from Hogan Lovells is a strong step in that direction and provides a roadmap to do even better going forward.
Hogan Lovells made a series of recommendations on how Uber could take privacy and data security to that next level, bringing more focus and rigor to work already in progress at Uber. The leadership team has reviewed these recommendations and has begun implementing them. You can also read a summary of these recommendations, which include:
Specialized Employee Training: Uber will introduce mandatory, job-specific training on privacy and data security issues, including periodic refresher sessions to make certain all employees are up to date on policies.
Improved Clarity for Users: Hogan Lovells concluded that Uber “comprehensively describes” its data collection and data use, but they find that we can do better and recommend we make policies easier to understand. The report recommends we make it more clear how Uber uses consumer information; to this end, we will be publicly releasing new privacy policies soon.
Reinforced Access Controls: Hogan Lovells finds that Uber has appropriate policies, implemented by technical and other measures to restrict access to user data to authorized employees. But they conclude that we can make these measures more granular, reinforcing and tightening existing technical controls. We are currently working to make these changes.
“At Uber, protecting the personal information of riders is a core responsibility and company value. Delivering on that value means that privacy is woven into every facet of our business, from the design of new products to how we interact with riders, drivers and the public at large. We will continue to make it a priority to ensure that everyone at the company understands just how critically important it is to build and protect this trust with all of these constituents.”
—Travis Kalanick, Uber CEO
Making certain we have strong policies and practices in this ever-evolving world of new technologies is a constant quest. The only way to meet and exceed our users’ expectations is to continuously improve the processes and technology around privacy. Our promise to the Uber Community is that when it comes to privacy, our commitment doesn’t stop with the findings of this report; it is ongoing. We won’t rest until our Privacy Program is world class and we are confident our roadmap will get us there.
Katherine Tassi is Uber’s Managing Counsel of Data Privacy at Uber Technologies. Prior to joining Uber, Tassi spent 4 years at Facebook as the Head of Data Protection and the Associate General Counsel in charge of the global data protection program. She spent 8 years serving in the Washington State Attorney General’s Office as an Assistant Attorney General prosecuting consumer protection violations and working on high-tech litigation.
Harriet Pearson is a partner in the Washington, D.C. office of Hogan Lovells, where her practice focuses on privacy and cybersecurity. Dubbed by one legal publication as the “First Lady of Privacy,” Harriet is one of the first and longest-serving chief privacy officers in the Fortune 500 and an internationally-recognized data privacy and security pioneer. In 2007 the International Association of Privacy Professionals (IAPP) presented Harriet with its highest honor, the Vanguard Award, awarded annually to “the individual professional who best demonstrates outstanding leadership, knowledge and creativity in the field of privacy and data protection.”