By Joe Grist
Blog Content Contributor
We’re in a golden era of technology. There’s no doubt about it. It seems that new apps, startups, companies and even forms of currency are popping up every day. It’s almost impossible to keep track of every service that comes out, but we should be aware of how our information is used and how we can protect it.
The old saying “information is power” is more relevant than ever. Many “free” internet and business services are only free because they make a profit from selling the data they collect from users. This is done through the information we voluntarily give: signing up for apps or services through your email, Facebook or your phone number; filling out these same forms with personal information such as your name, address or license number; signing user agreements, and even posting photos, videos and texts to social media. There is even information known as a digital “footprint,” which consists of not only what you intentionally post online but all data that is related to you, whether it’s something you posted or something that someone else posted about you.
Maybe you already knew this, or maybe you had a general idea that your information was being used in some way or another, but what happens when the apps or services we trust violate our privacy?
On Jan. 25, tech news website The Information published a story on Lyft initiating an internal investigation due to allegations that its employees abused customer data. According to the article, a former employee posted on an anonymous message board app called Blind, which allows current and former employees to talk about employers without fear of retaliation. The post claimed that he had witnessed Lyft employees look up exes, Hollywood actresses and even Facebook CEO Mark Zuckerberg.
Lyft soon responded to these allegations stating that its engineers are required to go through training and sign a “confidentiality and responsible use” agreement upon signing with the company.
The agreements “bar them from accessing, using, or disclosing customer data outside the confines of their job responsibilities,” said a Lyft spokeswoman in the statement.
Its policies also “categorically prohibit accessing and using customer data for reasons other than those required by their specific role at the company.”
“The specific allegations in this post would be a violation of Lyft’s policies and a cause for termination,” the statement said. “We are conducting an investigation into the matter.”
This wasn’t the first incident of privacy violations by a rideshare company either. Just last year, Uber settled a lawsuit with the Federal Trade Commission (FTC) over the “God View” privacy fiasco, and they also received a huge amount of flak for paying off a hacker who found a breach in Uber’s security systems in 2016.
If you missed either of these incidents, here’s a recap: The God View incident happened due to a failure to protect consumers’ data, which led to Uber accidentally allowing employees to access rider and driver information, which led to a data breach in 2014 that exposed thousands of drivers’ names and license numbers to the public.
The breach in 2016 was even more extensive.
Hackers received two payments of $50,000 each from Uber on Dec. 8, 2016. The breach, which had exposed 57 million driver and rider accounts, wasn’t made public until Nov. 2017, nearly a year later.
Here’s the kicker: Uber didn’t have to pay one single dime for it. That’s right, you read this correctly. Uber received a slap on the wrist for the God View incident and was told by the FTC to acquire an outside firm to audit its privacy practices every two years for the next two decades. As for the data breach? Nothing whatsoever. Uber fired their chief security officer Joe Sullivan, forced out their former chief executive Travis Kalanick and made the hackers sign non-disclosure agreements (NDAs), and that was it.
Sure, Uber added additional “privacy settings” to their mobile app, but does that really mean anything? The private data of customers, for both Lyft and Uber alike, were supposed to be protected by company policy and that didn’t mean a thing. The ridesharing industry is already massive and is expected to grow exponentially in the next decade. Shouldn’t there be some sort of third-party regulations and punishments for not only rideshare companies, but any app that handles our personal data?
That’s just it, though: there are no national regulatory laws when it comes to the collection and use of personal data.
“In the US, there is no single, comprehensive federal (national) law regulating the collection and use of personal data,” wrote Ieuan Jolly from Loeb & Loeb. “Instead, the US has a patchwork system of federal and state laws and regulations that can sometimes overlap, dovetail and contradict one another. In addition, there are many guidelines, developed by governmental agencies and industry groups that do not have the force of law, but are part of self-regulatory guidelines and frameworks that are considered ‘best practices’.”
So, what can we do? Not much. The best act of prevention for users is to seriously consider whether you want the information that you’re submitting out there, even if you think it’s private. It’s also good practice to check your privacy settings on your mobile apps, computer software and online accounts. Turn off location services unless you need them and make sure to sign out when you’re finished using an app or device. The tech boom isn’t slowing down anytime soon, so it pays to be aware, informed and vigilant. Stay safe out there.
Featured image by Erin Garrigan.