Uber hired a law firm to assess its privacy policies - here's what the experts said

A couple months ago, Uber announced the company would be adding law firm Hogan Lovells to its privacy team.

Data privacy expert Harriet Pearson - and Pearson's colleagues at Hogan Lovells - were to review and assess Uber's data privacy program.

The law firm has completed its comprehensive review of Uber's privacy policies, Uber announced Friday in a blog post.

"The review was comprehensive and found that overall our Privacy Program is strong," the blog post reads. "While Uber is encouraged by these findings, we fully acknowledge that we haven't always gotten it right."

Questions arose surrounding Uber's privacy policies in November. At a dinner held by the company, Uber's SVP of business, Emil Michael, told BuzzFeed editor-in-chief Ben Smith about how his company could hire a team of opposition researchers to dig up dirt on journalists critical of the company. Smith didn't realize the event wasn't off the record, and he reported on the dinner on Buzzfeed.

Then, the company's top New York City executive, Josh Mohrer, was later investigated for breaching Uber's privacy policy by tracking a journalist without her permission. He was later "disciplined," according to the company, but he kept his job. Mohrer used a tool called "God View" to track BuzzFeed reporter Johana Bhuiyan's location without asking her for permission, an action that violates the company's privacy policy.

Overall, Hogan Lovells appears to have given Uber a pretty good privacy report.

"Based on our in-depth review of Uber's current Privacy Program over a six-week period, we found that Uber has in place appropriate policies and procedures in each of the program elements assessed," Hogan Lovells says in the summary of its review.

Hogan Lovells' reviewed internal Uber documents and interviewing senior management at the company.

"In some instances, we were able to verify findings and have so noted in this Report. In other instances, we relied upon the presumed accuracy of the information Uber provided. We permitted Uber to review this Report in draft form to identify factual errors for our consideration," Hogan Lovells says.

But Hogan Lovells does have a few suggested improvements for Uber:

• Enhance Uber's privacy policy framework. Develop concrete plans to review company privacy policies. Ensure that senior leadership sets "an appropriate tone at the top."
• Make it easy for customers to see and understand Uber's privacy disclosures. Let customers access their ratings.
• Put additional measures in place to review closed or inactive Uber accounts that have, for a valid reason, been retained for a certain length of time, and determine whether it's still necessary that Uber keep these accounts.
• Update Uber's written privacy policies to document any unwritten policies surrounding customer data.
• Create a central "hub" for incident response resources. Create a system for classifying the severity of incidents.
• Enhance employee accountability, training, and awareness surrounding privacy guidelines.

"Our approach is to constantly review and iterate on our policies, processes and technology so that we ultimately become a leader in the area of privacy and data protection," Uber says of the privacy report. "We believe this report card from Hogan Lovells is a strong step in that direction and provides a roadmap to do even better going forward."

You can read the full report here.