The inquiry began after a series of BuzzFeed reports that revealed that Uber’s New York manager, Josh Mohrer, had accessed information about reporters’ use of the service without their permission, including through the company’s “God View” tool. The tool shows an aerial view of all passengers and drivers in a particular area.

SIGN UP: Get Data Sheet, Fortune’s daily newsletter about the business of technology.

Around the time of of the Uber dust-up, rival Lyft also updated its privacy policy and practices following a report from Re/code that a Lyft executive had accessed one of its own journalists’ data.

As part of the settlement, Uber will pay $20,000 in fines for failing to report unauthorized third-party access to drivers’ personal information until months after discovering it. This is related to a data breach that occurred in May 2014, after an Uber engineer unknowingly posted online login information for a private database containing driver information. Uber discovered this a few months later, in September, when a former employee from a competitor revealed the problem, according to the report.

WATCH: For more on Uber’s data breach, watch this Fortune video:

As part of the planned settlement, Uber has also agreed to make changes to its privacy and security practices, according to Buzzfeed. This would include password-protection and encryption for the location data of passengers and drivers, limiting employee access to the data, and adding more security tools to protect personal information. As BuzzFeed notes, much of Uber’s new policy on accessing passenger data was included in an update to the company’s privacy policy issued a day after reports of an Uber executive’s comments about doing research on journalists.

Uber also agreed to notify the Attorney General’s office if it begins to collect GPS data from customers’ smartphones when they’re not using the app, something the company claims it doesn’t do, according to BuzzFeed.