• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia
TechUber Technologies

Uber Security Head Warns Staff After Latest Tracking Controversy

By
Jeff John Roberts
Jeff John Roberts and
Kia Kokalitcheva
Kia Kokalitcheva
Down Arrow Button Icon
By
Jeff John Roberts
Jeff John Roberts and
Kia Kokalitcheva
Kia Kokalitcheva
Down Arrow Button Icon
December 12, 2016, 9:09 PM ET
'Brexit' brouhaha briskly broached by World Economic Forum
Travis Kalanick, center, CEO of Uber, reacts at a sub-forum during the World Economic Forum 2016 Summer Davos in Tianjin, China, 26 June 2016. What's a premier exponent of globalization to do after Britain's vote to exit the European Union? In the case of the World Economic Forum, arrange a panel discussion. Responses to the British referendum at the start of a three-day forum event in China on Sunday (26 June 2016) ranged from lingering shock to analytical detachment and a degree of indifference, given the heft of the Chinese economy and its limited trade with Britain. Klaus Schwab, the German economist who is the forum's founder, didn't respond to a reporter's question about the British vote. With the topic top of mind for many, a special panel titled "After the Brexit" was added Sunday morning to a program that had been weeks in the planning. Adrian Monck, a member of the forum's executive committee, set the tone, saying that as a British passport holder and possible ex-EU passport holder, he was "still coming to terms with the emotional impact of 'Brexit'."Robert Schlesinger—Picture-Alliance/DPA/AP

Amid a new fuss over how its employees access sensitive user data, Uber’s top security executive sent a company-wide email to staff on Monday reminding them of their obligations when it comes to privacy.

“Like every fast-growing company, we haven’t always gotten everything perfect. But without the trust of our customers we have no business,” says the email, obtained by Fortune.

You can read the full email, by chief security officer John Flynn, further below. The memo refers to an article, published Monday by the Center for Investigative Reporting, that describes alleged privacy violations against users such as Uber employees tracking the trips of celebrities like Beyoncé, or using trip history to stalk former partners.

Get Data Sheet, Fortune’s technology newsletter.

The allegations come after a 2014 scandal in which BuzzFeed revealed that Uber employees used a tool they called “God View” to spy on customers’ activities. The scandal led to scrutiny from regulators and Uber eventually paying a $20,000 fine to settle a lawsuit. Uber has also since tightened up its privacy policies.

In the email, Flynn says “much of the information [in the new story] is out of date and doesn’t accurately reflect the state of our practices today.” He then reminds staff that they have instructed repeatedly about Uber’s rules about unauthorized access to user data, and explains the company has hired hundreds of staff dedicated to security and privacy.

The email also disputes a claim in Monday’s article that suggests all Uber employees have access to customer data, or that oversight is based on some sort of honor system.

Uber did, however, acknowledge in the Monday report that some of its employees broke the internal policies, resulting in about 10 of them being fired. Fortune has learned from one employee that a handful of Uber workers were fired earlier this year for accessing the trip data of celebrities.

For more on Uber, watch this Fortune video:

However, the employee also said that only certain teams have access to various levels of customer data, and when these employees do access it, they’re logged, making it difficult to hide their activities.

The details in Monday article are based in large part on a lawsuit filed by a former Uber employee, Ward Spangenberg, who says he was fired early this year for age discrimination. In his lawsuit, Spangenberg says Uber told him he was fired for breaching policies including rebuilding his laptop from scratch (he says it was common procedure when a computer crashes), and for accessing emails related to his performance review (he claims he was testing out an email program). Spangenberg also claims that Uber deleted files it was legally obligated to hold and asked him to cut Internet access to Uber offices during raids “so that law enforcement could not access Uber’s information.”

Here is the memo:

Hey Team,

You may have seen a news storytoday about some of Uber’s privacy and security practices. Much of the information is out of date and doesn’t accurately reflect the state of our practices today, so I wanted to update you on what we’re doing to protect user data.

Like every fast-growing company, we haven’t always gotten everything perfect. But without the trust of our customers we have no business. That’s why we continue to make major improvements to our security systems and policies to ensure that rider and driver data is protected.

For many years, we’ve had a policy prohibiting unauthorized access, and over time, we’ve invested even more in locking down and logging that access. You know about those rules because you signed the agreement when you started at Uber, heard about them during Uberversity training, and receive regular reminders via email and internal all-hands meetings.

Over the past several years, we’ve hired hundreds of security and privacy experts who work around the clock to protect user data. Our team includes experts in authentication, authorization, encryption and access management.

As you’ve probably noticed, particularly in the last year, we’ve significantly strengthened the tools and processes that restrict internal access to user data:

  • All employees are required to acknowledge and agree to a dataaccess policy, including at on-boarding. You’re reminded of this policy every time you access internal data tools once you have the required permission (see below). All data access is logged and routinely audited, and all potential violations are quickly and thoroughly investigated. We have terminated employees in the past for violating this policy.
  • It’s absolutely untrue that all (or nearly all) employees have access to customer data, with or without prior approval. This is more than simply the “honor system”: we have built entire systems to implement technical and administrative controls that limit access to customer data to those employees who require it to perform their jobs. This could include multiple steps of approval—by managers and the legal team—to ensure there is a legitimate business case for providing access.
  • What’s more, this access is granular: if an employee has access to some customerVdata, she does not have access to all customer data. Access is granted to specific types of data based on an employee’s role and the specific purpose at hand.
  • Many employees are in operational roles and have legitimate reasons to access customer data. For example, our anti-fraud team have access to trip data so they can investigate allegations of scams and compromised accounts. Some employees have access to driver profiles in order to check the validity of insurance documents required by law. And in the case of a traffic incident, a dedicated member of our safety team needs to access customer data to conduct a proper investigation and help the affected parties reach resolution.

We want our security and privacy practices and technology to be world-class, and we’re moving quickly toward that goal. Every time a rider or driver uses Uber, they entrust us with data that it’s the responsibility of each and every one of us to protect it.

John “Four” Flynn

Chief Information Security Officer

About the Authors
By Jeff John RobertsEditor, Finance and Crypto
LinkedIn iconTwitter icon

Jeff John Roberts is the Finance and Crypto editor at Fortune, overseeing coverage of the blockchain and how technology is changing finance.

See full bioRight Arrow Button Icon
By Kia Kokalitcheva
See full bioRight Arrow Button Icon
Latest in Tech
robots
InnovationRobots
‘The question is really just how long it will take’: Over 2,000 gather at Humanoids Summit to meet the robots who may take their jobs someday
By Matt O'Brien and The Associated PressDecember 12, 2025
43 minutes ago
Man about to go into police vehicle
CryptoCryptocurrency
Judge tells notorious crypto scammer ‘you have been bitten by the crypto bug’ in handing down 15 year sentence 
By Carlos GarciaDecember 12, 2025
2 hours ago
three men in suits, one gesturing
AIBrainstorm AI
The fastest athletes in the world can botch a baton pass if trust isn’t there—and the same is true of AI, Blackbaud exec says
By Amanda GerutDecember 12, 2025
2 hours ago
Brainstorm AI panel
AIBrainstorm AI
Creative workers won’t be replaced by AI—but their roles will change to become ‘directors’ managing AI agents, executives say
By Beatrice NolanDecember 12, 2025
2 hours ago
Fei-Fei Li, the "Godmother of AI," says she values AI skills more than college degrees when hiring software engineers for her tech startup.
AITech
‘Godmother of AI’ says degrees are less important in hiring than ‘how quickly can you superpower yourself’ with new tools
By Nino PaoliDecember 12, 2025
5 hours ago
C-SuiteFortune 500 Power Moves
Fortune 500 Power Moves: Which executives gained and lost power this week
By Fortune EditorsDecember 12, 2025
5 hours ago
Most Popular
placeholder alt text
Economy
Tariffs are taxes and they were used to finance the federal government until the 1913 income tax. A top economist breaks it down
By Kent JonesDecember 12, 2025
11 hours ago
placeholder alt text
Success
At 18, doctors gave him three hours to live. He played video games from his hospital bed—and now, he’s built a $10 million-a-year video game studio
By Preston ForeDecember 10, 2025
2 days ago
placeholder alt text
Success
Palantir cofounder calls elite college undergrads a ‘loser generation’ as data reveals rise in students seeking support for disabilities, like ADHD
By Preston ForeDecember 11, 2025
1 day ago
placeholder alt text
Investing
Baby boomers have now 'gobbled up' nearly one-third of America's wealth share, and they're leaving Gen Z and millennials behind
By Sasha RogelbergDecember 8, 2025
4 days ago
placeholder alt text
Arts & Entertainment
'We're not just going to want to be fed AI slop for 16 hours a day': Analyst sees Disney/OpenAI deal as a dividing line in entertainment history
By Nick LichtenbergDecember 11, 2025
23 hours ago
placeholder alt text
Economy
‘We have not seen this rosy picture’: ADP’s chief economist warns the real economy is pretty different from Wall Street’s bullish outlook
By Eleanor PringleDecember 11, 2025
1 day ago
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • Future 50
  • World’s Most Admired Companies
  • See All Rankings
Sections
  • Finance
  • Leadership
  • Success
  • Tech
  • Asia
  • Europe
  • Environment
  • Fortune Crypto
  • Health
  • Retail
  • Lifestyle
  • Politics
  • Newsletters
  • Magazine
  • Features
  • Commentary
  • Mpw
  • CEO Initiative
  • Conferences
  • Personal Finance
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
About Us
  • About Us
  • Editorial Calendar
  • Press Center
  • Work At Fortune
  • Diversity And Inclusion
  • Terms And Conditions
  • Site Map

© 2025 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.