September 24, 2021

Volume XI, Number 267


Uber Found to Have Breached Australians' Privacy Following 2016 Hack

In 2017, Uber disclosed to the Office of the Australian Information Commissioner (OAIC) a breach of the personal information of some 57 million of its global users and drivers (including approximately 1.2 million Australians). Last Friday, the OAIC determined that Uber had breached the Australian Privacy Act by failing to take reasonable steps to protect Australians' personal information from unauthorized access.

Despite the breach and Uber's decision not to individually notify those affected or report the attack until 2017, no fine has been imposed, whereas other jurisdictions imposed large fines for the breach: the US ($148 million) and the UK (£385,000). Instead of a fine, the OAIC has ordered Uber to put together a data breach response plan, an information security program, and data retention and destruction policies and procedures. These steps are subject to independent supervision, which is a popular measure with the OAIC.

It is interesting to see that Australia did not set a monetary fine despite the size of the breach and the global industry player involved.

Since the determination, it has been reported that Uber has obtained ISO 27001 certification and has updated its security policies and procedures.

Following the recent series of ransomware attacks, it is also noteworthy that Uber chose to pay its attackers US $100,000 at the time to delete its users' stolen data. Perhaps, as suggested by the Ransomware Payments Bill, mandatory reporting of ransomware attacks would be helpful to better monitor these types of breaches in Australia, but we wonder whether, with a global company, such a payment would have fallen within Australian regulatory reach unless the Australian subsidiary made the payment.

Copyright 2021 K & L Gates. National Law Review, Volume XI, Number 208

About this Author

Cameron Abbott
Partner

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurement issues, including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market-leading solutions are implemented into their businesses. He concentrates on managing and negotiating complex technology solutions, which...

+61.3.9640.4261