What have we learned about Uber’s concealment of a data breach?

SAN · Published in Decentralized ID · Dec 26, 2017

By Audrey Friel <audrey@torquesol.co.uk>

Safeguarding consumer data and ensuring that companies have appropriate data policies is a growing problem. In 2016, a breach at Uber exposed the details of 57 million customers and drivers. Uber chose not to report the breach and paid a ransom to hackers to delete the data.

The breach was concealed for a year. This raises concerns in many areas. How could Uber ignore the need to inform its customers of the breach? At least customers could have taken some action to protect their data. How could Uber guarantee that the hackers did not keep copies of the data for further malicious intent? By concealing the breach for a year Uber effectively gave the hackers free rein to carry out maximum damage. Rather than disabling cybercrime, Uber has enabled the hackers. Uber has failed to comply with its responsibility to customers and data protection regulations.

In attempting to protect its reputation through concealment, Uber has actually seriously damaged it. High fines, in the millions, will be issued by the regulators.

The General Data Protection Regulation, known as the GDPR, will be enforced from 25th May 2018. Companies that conceal data breaches will have to pay significant fines. The new rules state that companies must inform regulators about a breach within 72 hours of discovering a hack.

Companies which fail to do so will be fined 4% of their global annual turnover or 20 million euros, whichever is higher.

At Decentralized ID (DID), the security of customer data is paramount. Information such as passports, ID cards, driving licences, visas and other sensitive documentation is securely transmitted using Blockchain technology. The aim is to enable individuals to take control of their identity and ensure access to services with maximum privacy.

Blockchain technology provides invulnerable cryptography. Verification is confirmed through Blockchain Originated Certificates of Authority (BOCA) or DID tokens. Through this, the individual exercises full control over his/her digital identity. Moreover, there is the peace of mind that available ID documentation is held securely by the individual and is accessible when required.

Thus the individual may select exactly which data to share and with exactly which institution/company/individual. We cannot stop a platform from abusing your rights. However, we can control what you share with them: by using “smart contracts” we can put in place checks and balances that make it clear that your identity may not be used, e.g. for research, product development or selling on personal information.

To take back control of your ID please click the link below for more information about DID and our Foundation.

www.decentralized.id

Originally published at decentralized.id.
