Similar to Uber’s “God View” scandal, Lyft staffers have been abusing client insight software to opinion the personal contact info and ride history of the startup’s passengers. One source that formerly worked with Lyft tells TechCrunch that widespread access to the company’s backend let staffers “see pretty much everything including feedback, and yes, pick up and drop off coordinates.”
When asked if staffers, ranging from core team members to customer service reps, abused this privilege, the source said “Hell yes. I definitely looked at my friends’ rider history and looked at what drivers said about them. I never got in trouble.” Another supposed employee anonymously reported on workplace app Blind that staffers had access to this private information and that the access was abused.
Our source says that the data insights tool logs all utilization, so staffers were warned by their peers to be careful when accessing it surreptitiously. For example, some thought that repeatedly searching for the same person might get noticed. But despite Lyft logging the access, enforcement was weak, so team members still abused it.
Lyft tells TechCrunch that staffers in several departments that might need access to this data for their task have the ability to look up this information. That includes data analytics, engineering( particularly those working on fraud or investigations ), customer support, insurance and the trust and safety team. A Lyft spokesperson confirmed it’s investigating the issue and that there have been instances of enforcement in the past. They provided this statement 😛 TAGEND
Maintaining the trust of passengers and drivers is fundamental to Lyft. The specific accusations in this post would be a violation of Lyft’s policies and a cause for termination, and have not been raised with our Legal or Executive squads. We are conducting an investigation into the matter.Access to data is restricted to certain teams that need it to do their jobs. For those squads, each query is logged and attributed to a specific individual. We require employees to be trained in our data privacy practices and responsible utilize policy, which categorically prohibit accessing and using customer the necessary data for reasons other than those required by their specific role at the company. Employees are required to sign confidentiality and responsible employ agreements that bar them from accessing, using, or disclosing customer data outside the confines of their job responsibilities.
The news raises serious questions about proper data privacy at Lyft. While occasional access to rider data can be essential to some roles at the company, like if anyone loses an item, widespread and improperly limited access could be seen as a violation of riders’ trust. Lyft has tried to position itself as the friendlier, more ethical alternative to Uber, but staffers may have engaged in the same shady behavior.
Back in 2014, BuzzFeed violated news that Uber employed a system called “God View” that let staffers watch details about riders and their trips. That led to an investigation by the New York Attorney General’s office. It struck a settlement with Uber where the startup agreed to limit access to designated employees use multi-factor authentication, establish someone to supervise privacy of the system and audit usage of it. Yet reports surfaced in 2016 that Uber employees were still abusing the system renamed “Heaven View.”
In early 2015, Lyft’s CEO Logan Green and chairman John Zimmer responded to questioning about data privacy at Lyft and Uber from Senator Al Franken, writing that “As recent events in our industry have made clear, clients may be justifiably concerned about a company building improper use of their journey data. We’ve taken this opportunity to reevaluate our own limiteds and protections to ensure that we are doing everything we can to keep our customers’ journey data safe.”