Ubermensch, Ubermess and what has this to do with GDPR?
Posted on 23rd November 2017
You don’t normally get German philosophers mentioned on the Be-IT blog (or on many other IT blogs come to that!), however, the imbroglio that the taxi app firm Uber have got themselves into is such that comparisons with Nietzsche’s Übermensch, while perhaps a tad on the pretentious side, are just asking to be made.
On the one hand, you have the Superman, the Übermensch, and the creation of new values and a changing world order (black cabs are dead), which, to many, Uber might seem to represent: and on the other hand you have the reality, as reported extensively over the last few days that Uber, like most companies, is not immune from the human and technical frailties that can damage reputations overnight.
The revelation that Uber had not only been hacked and the details of 57 million passengers stolen, but that they had then paid the hackers $100K to destroy these data, and today that Uber users are reporting that they are receiving bills in roubles for journeys between Moscow and St Petersburg that they have never taken… pause for breath ... well, if that’s not an Ubermess then I don’t know what is...
To cap it all, Uber did not tell anyone about this hack and the pay-off, and now the Information Commissioners Office (ICO) is investigating them and, according to the Times, has “’huge concerns’ about the company’s security and ethics.” In particular, there is a suggestion that Uber was perhaps a trifle naïve in believing that all the hacked data has been destroyed.
On top of that, Uber was refused renewal of its licence in London in September when Transport for London said it was “unfit” to run a taxi service. It’s unlikely that the press reports of the last few days will do much to change TfL’s opinion. In their minds, Uber is less Superman, more Supermess.
All of which suggests that Uber, whilst successful thus far and highly popular with its users, may have to get its act together if it’s to avoid reputational damage that could seriously affect its performance. A straw poll in the Be-IT offices in Glasgow and Edinburgh showed that about half of us use Uber regularly, and of those who do there were several stories of Uber drivers telling passengers that they (the drivers) wait until the price surge kicks in during periods of high demand and then head out to work and to make more money. At these times, Uber pricing can be similar to the black cabs and far less competitive. There are alternatives to Uber and if the latter’s reputation does take a hit then they will be in prime position to gain business, especially if they can demonstrate a more robust and open approach to safeguarding customers’ data.
Which brings me (at last I hear you cry) to GDPR and the Scottish Summit held earlier on this week. This was an exceptionally well-attended event (we’re told the waiting list for cancelled places was massive) and there were some excellent speakers. You can see the entire presentation on SlideShare, but can we just draw your attention to one session that we especially enjoyed, by Leo Cunningham of Zonal who tackled the vital question of “How will GDPR affect the IT Department?” A few slides into his presentation, he asked the fundamental questions that Uber should have asked themselves, namely, “How can I minimise risks and protect my business’s reputation?” and “How can my business protect personal data?” It’s easy when you know how, but as an example of a big brand getting it wrong this is hard to beat.
There will be some people, no doubt, who bemoan the extra work and effort made in getting their businesses GDPR ready and compliant. Yet there will be others who work at Uber who wish that perhaps they had had a more robust approach to data security over the last year or so… Hard, extra work it may be, but when you see the adverse impact on a major firm of not getting it right then the benefits of GDPR ought to be obvious.
Susie Toner, Be-IT
Posted in News, Opinion
.. Back to Blog