Ride-hailing company Uber should expand its privacy program by helping customers understand how it handles user data, strengthening the privacy around its products, and giving its employees refresher training on data privacy, according to an internal review conducted by law firm Hogan Lovells.
The review, led by privacy lawyer Harriet Pearson, was conducted over a six-week period in late 2014, shortly after Uber’s high-profile privacy snafu in which a top exec suggested hiring researchers to dig into the “personal lives” and “families” of the company’s media critics. Pearson’s team of lawyers interviewed members of Uber’s executive team and leaders across the company, and also reviewed its privacy policies.
The review found that “Uber has in place appropriate policies and procedures,” and has “dedicated significantly more resources to privacy than we have observed of other companies of its age, sector, and size.” But there's room for improvement.
The review made “10 core recommendations” where the company could do better. Those included more strictly regulating how employees access customer data, creating mandatory job training on data privacy for its employees, deleting inactive accounts, and setting up a whistleblower hotline to handle complaints.
“Keeping the program evolving and keeping up with the evolution of the company is going to be the most challenging,” Pearson said.
In a blog post, Uber admitted it hasn’t “always gotten it right,” but it will begin implementing some of the recommendations made by the Hogan Lovells review.