Browse content similar to Urgent Question on Uber. Check below for episodes and series from the same categories and more!
Line | From | To | |
---|---|---|---|
kind of education they need to
understand these attitudes are | 0:00:00 | 0:00:00 | |
unacceptable and we do that from an
early age. | 0:00:00 | 0:00:03 | |
THE SPEAKER: Thank you. Urgent
question, Wes Streeting. Thank you, | 0:00:03 | 0:00:09 | |
to ask the Secretary of State for
digital Culture, Media and Sport to | 0:00:09 | 0:00:14 | |
make a statement on Government
responsibilities and policies for | 0:00:14 | 0:00:18 | |
protecting British citizens
following the theft of the personal | 0:00:18 | 0:00:23 | |
data of 57 million Uber customers
and drivers. | 0:00:23 | 0:00:28 | |
THE SPEAKER: The minister for
digital Matt Hancock. Mr Speaker, | 0:00:28 | 0:00:32 | |
late on Tuesday, we were notified by
the media of a potentially | 0:00:32 | 0:00:38 | |
significant data breach of Uber
driver and customer data. Uber | 0:00:38 | 0:00:41 | |
failed to tell the UK authorities
before they spoke to the media. The | 0:00:41 | 0:00:47 | |
breach appeared dated back over a
year. Appears to have involved Uber | 0:00:47 | 0:00:51 | |
paying criminals money to try to
prevent further data loss. We are | 0:00:51 | 0:00:56 | |
told that some UK citizens' data is
affected. We're verifying the extent | 0:00:56 | 0:01:03 | |
and amount of information. And when
we have a sufficient as isment, we | 0:01:03 | 0:01:08 | |
will publish the details of the
impact on UK citizens and we plan to | 0:01:08 | 0:01:13 | |
do this in a matter of days. This
was, as far as we can tell, not a | 0:01:13 | 0:01:19 | |
hack perpetrated in the UK. Our role
is therefore to understand how UK | 0:01:19 | 0:01:25 | |
citizens are affected. We're working
with the Information Commissioner's | 0:01:25 | 0:01:30 | |
office, the national cybersecurity
centre and they are talking to the | 0:01:30 | 0:01:34 | |
US Federal Trade Commission and
others to get to the bottom of this. | 0:01:34 | 0:01:38 | |
At this stage, our initial
assessment is that for Uber | 0:01:38 | 0:01:43 | |
customers, the stolen information is
not the sort of information that | 0:01:43 | 0:01:46 | |
would allow direct financial crime
but we are working urgently to | 0:01:46 | 0:01:51 | |
verify this further and we rule
nothing out. Our advice to Uber | 0:01:51 | 0:01:55 | |
drivers and customers is to be
vigilant, to monitor accounts, | 0:01:55 | 0:02:01 | |
especially for phishing activities.
If you think you're a victim, | 0:02:01 | 0:02:05 | |
contact the Action Fraud helpline
and follow the NCSC guidance on | 0:02:05 | 0:02:13 | |
passwords and best practise. The new
data protection bill are introducing | 0:02:13 | 0:02:21 | |
a package of tougher measures to
deal with data breaches. Delayed | 0:02:21 | 0:02:26 | |
reporting is an aggravating factor
already but under the new bill | 0:02:26 | 0:02:31 | |
organisations had have to report to
the Information Commissioner within | 0:02:31 | 0:02:34 | |
72 hours of becoming aware of
breaches. And in serious cases will | 0:02:34 | 0:02:38 | |
have to notify those affected by the
breach. The commissioner will have | 0:02:38 | 0:02:42 | |
increased powers to respond in the
way she considers appropriate like | 0:02:42 | 0:02:48 | |
with fines up to £18 million or 4%
of global turnover. We are making | 0:02:48 | 0:02:53 | |
further assessments as we debate
this and we will keep the public and | 0:02:53 | 0:02:56 | |
the House updated. Thank you. Thank
you to the minister for that reply. | 0:02:56 | 0:03:04 | |
Did I hear even after the Government
has learnt about this data breach | 0:03:04 | 0:03:08 | |
the Government is still not in a
position to tell the public how many | 0:03:08 | 0:03:12 | |
customers and drivers in the UK have
had their personal data compromised | 0:03:12 | 0:03:17 | |
if so, that's outrageous on Uber's
part. They paid hackers 100,000 | 0:03:17 | 0:03:24 | |
dollars to delight the data and keep
it quiet. What assurances do we have | 0:03:24 | 0:03:30 | |
that infor more mace isn't in the
hands of criminals today. UK | 0:03:30 | 0:03:35 | |
authorities have acted swiftly since
this came to light. Will the | 0:03:35 | 0:03:38 | |
Government push for the toughest
penalties to punish Uber? Under EU | 0:03:38 | 0:03:47 | |
law, Uber could face fines of 20
million Euros or 4% of their annual | 0:03:47 | 0:03:53 | |
global turnover, which ever is
greater. The maximum fine from the | 0:03:53 | 0:04:00 | |
the FCS a £500,000. In any case, in
this particular case, does he really | 0:04:00 | 0:04:05 | |
think that a fine will cut it? Does
the minister think that a company | 0:04:05 | 0:04:09 | |
that covers up the theft of data and
pay as ransom to criminal hackers | 0:04:09 | 0:04:14 | |
could possibly be considered a fit
and proper operator of licensed mini | 0:04:14 | 0:04:19 | |
cabs in our towns and cities? If
not, what is the Government going to | 0:04:19 | 0:04:23 | |
Bo it? Whence TfL finally took
action over Uber's abysmal safety | 0:04:23 | 0:04:32 | |
record, there were leaflets handed
out attacking the mayor. This is not | 0:04:32 | 0:04:36 | |
a good look for the Government today
and will he revisit that? I'm | 0:04:36 | 0:04:43 | |
pro-tech, pro-innovation. But given
uber's stands of failing to handle | 0:04:43 | 0:04:49 | |
appropriately serious allegations of
rape and sexual assault. Given uber | 0:04:49 | 0:04:53 | |
has had to be dragged through the
court to give drivers employment | 0:04:53 | 0:04:59 | |
rights and pay their fair share of
VAT and they play fast and loose | 0:04:59 | 0:05:05 | |
with data of customers and drivers,
isn't it time the Government stop | 0:05:05 | 0:05:10 | |
cosying up to this grubby and
unethical company and stood up for | 0:05:10 | 0:05:15 | |
the public interest? Thank you. The
question of licensing taxi companies | 0:05:15 | 0:05:23 | |
and private hire companies is for
local authorities. This is a data | 0:05:23 | 0:05:29 | |
protection issue which we're dealing
with with the utmost urgency. He | 0:05:29 | 0:05:34 | |
raise the issue of fines. We are
legislating currently for the higher | 0:05:34 | 0:05:39 | |
fines I mentioned in my initial
response. That legislation will come | 0:05:39 | 0:05:44 | |
to this House after Christmas. In
terms of ensuring people who think | 0:05:44 | 0:05:51 | |
they have a data breach of the data
they hold on behalf of customers or | 0:05:51 | 0:05:56 | |
others, they already have a
responsibility to pro fact that | 0:05:56 | 0:06:00 | |
data. In future, they'll have a
responsibility to notify the | 0:06:00 | 0:06:06 | |
authorities immediately, within 72
hours. Delaying notification is not | 0:06:06 | 0:06:12 | |
acceptable unless there's a very
good reason for it and is an | 0:06:12 | 0:06:16 | |
aggravating factor in how the
Information Commissioner looks into | 0:06:16 | 0:06:21 | |
this sort of case. | 0:06:21 | 0:06:37 | |
The knowledge he has learned from
this data breach, will he make any | 0:06:37 | 0:06:42 | |
further amendments to the
legislation he brought before the | 0:06:42 | 0:06:45 | |
Lords and that will come back to us
in due course to strengthen the | 0:06:45 | 0:06:50 | |
powers to make sure that companies
report such breaches at an early | 0:06:50 | 0:06:55 | |
stage and take further safeguards to
safeguard the personal data of | 0:06:55 | 0:06:59 | |
customers? There is no doubt we can
debate that as the legislation comes | 0:06:59 | 0:07:05 | |
through this House. As it happens on
our initial assessment, the two | 0:07:05 | 0:07:11 | |
areas that are most concerning in
terms of the delayed in notification | 0:07:11 | 0:07:16 | |
and that they need to have recourse
and fines, not just to punish bad | 0:07:16 | 0:07:22 | |
behaviour but to incentivise good
behaviour. Those are already covered | 0:07:22 | 0:07:26 | |
by the data protection Bill as it is
drafted in front of the Other Place. | 0:07:26 | 0:07:30 | |
We will have a full assessment of
the information in due course and | 0:07:30 | 0:07:35 | |
can have more confidence in that
assessment, then we can have this | 0:07:35 | 0:07:42 | |
debate when the legislation is in
front of us. When transport for | 0:07:42 | 0:07:49 | |
London said they would not at --
give the license again to Uber, Uber | 0:07:49 | 0:07:57 | |
e-mailed the customers to protest
about this decision. If it can | 0:07:57 | 0:08:05 | |
e-mail the customers then, should
they do so now and begin that | 0:08:05 | 0:08:09 | |
communication with an apology. Can
you give us any rough idea, I know | 0:08:09 | 0:08:13 | |
he was looking at precise figures,
how many customers and drivers in | 0:08:13 | 0:08:19 | |
the UK had the personal information
compromised by this hack? What type | 0:08:19 | 0:08:25 | |
of data was compromised? What
contacted the Uber have with the | 0:08:25 | 0:08:28 | |
Government for the first time over
this issue and when exactly did that | 0:08:28 | 0:08:33 | |
happen? When did the Minister
personally become aware of this | 0:08:33 | 0:08:38 | |
security breach? And in his view and
the view of the Government, has Uber | 0:08:38 | 0:08:46 | |
broken current UK law in relation to
this page? Will he of the Secretary | 0:08:46 | 0:08:53 | |
of State Colin to the Department or
on the weekend if necessary, to | 0:08:53 | 0:08:56 | |
explain themselves and give more
information about the breach? Given | 0:08:56 | 0:09:01 | |
the magnitude of this breach, has
the Minister satisfied himself about | 0:09:01 | 0:09:05 | |
the facts about this case?
Particularly given that if | 0:09:05 | 0:09:10 | |
regulation requires strengthening
and we can do it in the Other Place | 0:09:10 | 0:09:13 | |
under the data protection Bill right
now? Can he confirm that this bike, | 0:09:13 | 0:09:20 | |
I think he said in a statement he
learned about this on Tuesday, | 0:09:20 | 0:09:23 | |
despite learning about this on
Tuesday, just yesterday in the House | 0:09:23 | 0:09:28 | |
of Lords, the Government blocked the
ability of consumer groups like | 0:09:28 | 0:09:35 | |
Which to get compensation for the
victims of data breach. Will he | 0:09:35 | 0:09:42 | |
commit now to reverse that position
when that amendment comes before the | 0:09:42 | 0:09:45 | |
House at the report stage in the
House of Lords to show that we are | 0:09:45 | 0:09:50 | |
on the side of consumers and
employers, not huge corporations who | 0:09:50 | 0:09:54 | |
are careless with our data? He asked
a number of questions. In terms of | 0:09:54 | 0:10:03 | |
the number, we do not have
sufficient confidence in the number | 0:10:03 | 0:10:07 | |
we have been told by Uber to be able
to go public on it. We are working | 0:10:07 | 0:10:14 | |
with the National Cyber Security
Centre and the ICA to have more | 0:10:14 | 0:10:19 | |
confidence in that figure. He will
know from the Echo fax breach, the | 0:10:19 | 0:10:23 | |
initial figure that suggested went
up. We want to make sure they get to | 0:10:23 | 0:10:28 | |
the bottom of it. -- Uber --
Equifax. I am willing to come to the | 0:10:28 | 0:10:39 | |
House next week to take further
questions. When did I personally | 0:10:39 | 0:10:43 | |
know about it? I knew about it when
I was alerted by the media. The UK | 0:10:43 | 0:10:50 | |
authorities, whether the Government,
I see all of the National Cyber | 0:10:50 | 0:10:55 | |
Security Centre this, the first
notification was through the media. | 0:10:55 | 0:10:59 | |
He asked whether this was illegal
under current UK law, that is a | 0:10:59 | 0:11:04 | |
matter for the courts but there is a
high chance that it is. He asked | 0:11:04 | 0:11:11 | |
about the question of acting in
order to take up an action because | 0:11:11 | 0:11:21 | |
of the data breach on a data
subject. I am in favour of people | 0:11:21 | 0:11:26 | |
being able to take action when a
data breach has happened and we are | 0:11:26 | 0:11:30 | |
legislating for it. The question
debated yesterday in the Other Place | 0:11:30 | 0:11:35 | |
was whether people should have to
give their consent to be acted on | 0:11:35 | 0:11:40 | |
their behalf. The principle behind
the data protection Bill is to | 0:11:40 | 0:11:43 | |
increase the amount of consent that
people have and that is required, | 0:11:43 | 0:11:50 | |
and to increase people's control
over their own data. This pushes | 0:11:50 | 0:11:54 | |
them in the opposite direction. That
is a reason for why we rejected it | 0:11:54 | 0:12:00 | |
yesterday but we will have a debate
in this House. I to press on to the | 0:12:00 | 0:12:07 | |
next business at 11pm so people
should pose single sentence, short | 0:12:07 | 0:12:13 | |
questions that will be addressed
with the characters ballistic Serhiy | 0:12:13 | 0:12:17 | |
Smelyk mass of the Minister. | 0:12:17 | 0:12:19 | |
This is concerning not just for
London users but people in the south | 0:12:24 | 0:12:33 | |
what will the Government do when
companies lose data but also seek to | 0:12:33 | 0:12:39 | |
hide from the responsibilities? Not
only will we use the full force of | 0:12:39 | 0:12:43 | |
the existing law but we are
strengthening the law to give people | 0:12:43 | 0:12:46 | |
more power and control over their
data. People across the UK will be | 0:12:46 | 0:12:54 | |
shocked that Uber failed to give
notification to the information | 0:12:54 | 0:13:03 | |
Commissioner, the Government and the
cyber Security Centre, could this | 0:13:03 | 0:13:08 | |
stimulate the growth of cyber crime?
What measures will the Minister have | 0:13:08 | 0:13:13 | |
to hold Uber to account and if there
are people in Scotland affected, | 0:13:13 | 0:13:17 | |
will they work with the Scottish
Government and share information? Of | 0:13:17 | 0:13:22 | |
course I will and we rule nothing
out. There are going to be lots of | 0:13:22 | 0:13:29 | |
very worried people who have got
Uber accounts. Please can we have | 0:13:29 | 0:13:33 | |
some reassurance from the Minister
that Uber will be held to account | 0:13:33 | 0:13:38 | |
and that we have the right
legislation and structure in place | 0:13:38 | 0:13:40 | |
to stop this kind of thing
happening? I want to give | 0:13:40 | 0:13:45 | |
reassurance that at this stage the
initial assessment is that for Uber | 0:13:45 | 0:13:50 | |
customers the stolen information is
not the sort of information that | 0:13:50 | 0:13:53 | |
would allow direct financial crime.
People need to make sure they do not | 0:13:53 | 0:13:58 | |
respond to a fishing e-mail and to
follow the NCSC guidelines. | 0:13:58 | 0:14:03 | |
Scandalous disregard by Uber over
the rights of people entrusted with | 0:14:03 | 0:14:09 | |
data shows we need greater
protection. In the budget yesterday | 0:14:09 | 0:14:13 | |
there was a sense about data ethics.
Can the Minister sure some light to | 0:14:13 | 0:14:19 | |
make sure we actually can deal with
these companies in the way that your | 0:14:19 | 0:14:23 | |
friend suggested? The information
Commissioner is the regulator. We | 0:14:23 | 0:14:29 | |
fingered as a broader question to
ensure that the modern use data -- | 0:14:29 | 0:14:35 | |
we think that as a broader question.
Is my honourable friend intending to | 0:14:35 | 0:14:44 | |
have discussions with his
international counterparts given the | 0:14:44 | 0:14:47 | |
international cross-border nature of
the problem? We have already had | 0:14:47 | 0:14:53 | |
discussions with the US Federal
Trade Commission. And also with the | 0:14:53 | 0:14:58 | |
Dutch authorities because the
European headquarters of Uber is in | 0:14:58 | 0:15:01 | |
Holland and the other pertinent to
the matter. The Minister has | 0:15:01 | 0:15:06 | |
mentioned the forthcoming data
protection regulations but that is | 0:15:06 | 0:15:08 | |
no requirement for a private company
to report a data breach even though | 0:15:08 | 0:15:13 | |
it is recommended. What will the
Government do to ensure companies | 0:15:13 | 0:15:16 | |
between now and the data protection
regulations to make sure people are | 0:15:16 | 0:15:21 | |
unaware that data is stolen? The new
data protection rules will come into | 0:15:21 | 0:15:25 | |
force on the 25th of May and it is
important we get the Bill through | 0:15:25 | 0:15:29 | |
before then. She's not quite right
in the premise of the question. It | 0:15:29 | 0:15:34 | |
is already an aggravating factor
that a breach is not reported | 0:15:34 | 0:15:38 | |
promptly. Companies which are not
just relying on data but didn't buy | 0:15:38 | 0:15:48 | |
data and are indeed market
disrupters will increasingly play an | 0:15:48 | 0:15:51 | |
important part in the UK economy,
what steps at his department taking | 0:15:51 | 0:15:57 | |
to ensure confidence of the British
public in such data driven market | 0:15:57 | 0:16:02 | |
disrupters? The single best thing
that anybody in this House can do to | 0:16:02 | 0:16:06 | |
improve our ability to respond to
this sort of thing is bought for the | 0:16:06 | 0:16:09 | |
data protection Bill when it comes
into this House. How will the | 0:16:09 | 0:16:16 | |
Minister enabled big business to
grasp the responsibility for private | 0:16:16 | 0:16:21 | |
detailed, confidential and
significant personal data. They need | 0:16:21 | 0:16:24 | |
to protect it like to be a very own
and that the present they simply do | 0:16:24 | 0:16:27 | |
not do that. There is lots of sense
and what the honourable gentleman | 0:16:27 | 0:16:31 | |
says. The action that we are taking
is that everything we can do to keep | 0:16:31 | 0:16:38 | |
people's data safe in response to
this incident but Bob Bodley | 0:16:38 | 0:16:42 | |
strengthening the rules will give
people more | 0:16:42 | 0:16:44 |