Technology, business and morality are not mutually exclusive, but rather fundamentally intertwined into the fabric of how our society operates and will have to increasingly operate in the future. As information about us is leveraged at the very core of modern economies, users have every right to expect a reasonable standard of care when it comes to keeping their personal information secure. And companies have a legal requirement to do just that. Security is far from perfect and we all acknowledge that breaches may still occur.
The Uber breach and subsequent coverup displayed not only a disregard for the law, but more fundamentally a disdain for their customers and basic morality responsibility. Uber not only failed to protect the information they were collecting about their customers -- thus causing them potential harm -- they chose to cover up the breach and subject those individuals to further risk by not meeting their notification responsibilities.
There are already a number of class action lawsuits against Uber, alleging the company was negligent in protecting consumer data. That sounds about right.
A digital society and economy require the establishment of a reasonable standard of care that ensures basic cyber hygiene practices are maintained by all organizations. While corporations may have resisted such a concept in the past, the inevitability of cyber attack and the possibility of breaches now has responsible boards of directors and corporate leaders looking for such clarity and guidance. All parties are finally saying “enough is enough.” Maybe that means some good change is around the corner.