A data breach that occurred two years ago has now cost Uber its licence to operate a taxi-hailing service in Brighton.
It’s a perfect example of how important it is to ensure data security is robust ensuring loss of business and even terminal damage to your company is avoided.
Uber’s data breach comprised a leak of names, phone numbers and email addresses of more than 57 million people. Uber failed to report the lapse quickly, so customers and drivers were unaware they were at risk for a long time.
According to a report from Reuters, a 20-year-old man who was behind the breach was paid $100,000 to delete the data he’d obtained.
Brighton and Hove City Council followed in the steps of Transport for London(TfL) in deciding to revoke Uber’s licence.
Uber is appealing against TfL’s decision but even if it wins the appeal, the historic data breach won’t go away. Brighton’s decision proves the problem continues to haunt Uber.
Gary Jowett from Computer & Network Consultants in Brighton says: “The continuing problems facing Uber are a stark reminder to organisations of all sizes that you need to have good quality data security procedures in place that are closely adhered to and regularly updated.”
Brighton’s decision came just before the European Union’s General Data Protection Regulations took effect. These are regulations that affect anyone who handles customer data from EU countries.
They are tougher than previous regulations because there are big penalties for non-compliance. A data breach could incur fines as high as €20m – or 4 per cent of a company’s annual revenues. In addition, explicit consent is required from an individual before their data can be used.
To minimise the risk of data breaches, companies across Sussex need to ensure they have resilient processes in place. To help maintain the highest standards, it’s worthwhile obtaining certification from the Cyber Essentials programme. This demonstrates you have a good information security management system in place which could, in turn, attract new customers.
Gary explains: “Cyber Essentials provides a well-structured approach to maintaining top quality IT security. Your business is assessed by a Government-backed external monitoring body. The fact that you’ll need to renew your certification means you will always keep a close eye on processes and update them, where necessary, on a regular basis.”
An independent IT consultant can help you prepare for certification and also offer ongoing support for your business afterwards.
Gary says: “The digital world now has a large part to play in many aspects of commercial life, so it’s worth having someone on hand to provide independent support. Someone with experience of working with a range of different companies who will make an objective assessment about how safe your organisation is thereby leaving you to concentrate on your core business activities.”