This report is based on the data breach incident of nearly 380,000 people. The breach of data was made when Uber was hacked by a group of users. This had included the names, e-mail addresses and the mobile phone numbers. The hack in the data of Uber was considered to be the largest breach of data in 2017. The company had decided to conceal the activity of hack (Larcker and Tayan 2017). This had involved the information about 57 million Uber drivers. The law agencies and the IT authorities related to the organisation had stated that they would investigate the incident. They would also investigate whether the company were responsible for breaching the IT security laws. The security authorities such as the Personal Data Protection Commission (PDPC) had stated that the security breach had mostly affected a massive number of users in Singapore (Agrafiotis et al. 2018). The PDPC authorities have taken a serious view in terms of the data breaches and is thus investigating whether the company had been responsible for any of the provisions of data breach based on the Personal Data Protection Act (PDPA).
Based on the number of incidents of loss of public data, different law agencies have stated that as Uber is a massive transport service provider, they should be highly responsible for holding high standards based on public accountability based on ensuring consumer safety and also complying according to the laws set by PDPA. Though Uber had not disclosed about the number of riders and drivers who were affected by the data breach but according to a major report, it has been clearly estimated that over a million users have been using the application (Krishnamurthy, Smith and Desouza 2017). According to different external forensic experts, which were hired by Uber it was clearly reported that different vital information such as history of trip location, credit card numbers, date of birth, bank account numbers were not exposed.
Though Uber had stated that no information was breached but several reports that had emerged from last month have confirmed that some of the customers in Singapore have found various changes in their Uber and credit card accounts. This also included the different kinds of transactions that were made with foreign currencies. Uber had admitted that they would conceal the incident of data breach for more than a year. They would pay an amount of US $100,000 in order to delete the data and thus would close the incident. The law authorities in Singapore had also stated in various media coverage that the primary responsibility would lie with the company in order to defend themselves against any form of cyber-attacks within their systems. The higher security authorities have also stated that the security incident at Uber was being investigated by them (Manning 2015). This would help them in determining whether the US based company was primarily responsible in breaching any data protection laws. These authorities also stated the need of Uber to be transparent and thus be helpful in cooperating with the local authorities.
Based on the research on the issue of the current issue of data breach, a question could be framed based on the current issue. What are the current IT related laws set by the government at Singapore in relation to the data breach of Uber and what would be the proposed security measures that are imposed by the government in order to protect the data of the customers?
In the year 2013, Uber started its trails in Singapore and officially comes up with car-sharing services in the month of Feb. In March 2014, Uber comes up with two more option like UberX and Uber Taxi in Singapore (Li, Taeihagh and Jong 2018). Uber considered itself as technology organization instead of transport providers. Uber can be considered as a method of checking problems along with access to taxies mainly during the peak hours. After this, Uber considered themselves as technological organization which can provide riders and drivers with matching service in Singapore. As the popularity of ridesharing gained in recent times, various taxi drivers considered Uber ridesharing as competition.
In the past, there were many worldwide adaptations for various kind of technologies which focus on delivering efficient and effective public based services. Uber Ride Sharing economy can be considered to be as one of the well-known example (Chesterman 2018). It can be easily defined as collaborative economy which focuses on peer-production of economy. It can be easily stated like a marketplace that aims to bring various individual on same platform for utilizing various assets. Sharing technology mainly allows various customers for interaction with different services with the help of innovative technologies (Tian 2016). A number of organization like Uber have well established in different domains like consumer goods, transportation.
Adaptation of technological innovation like big data, waste plant, crowdsourcing, and autonomous vehicle, IOT and blockchain technology can easily cause various kind of issues (Engin and Treleaven 2018). It can easily cause unintended consequences. So as a result social acceptance of innovative project can be low. Both risk and uncertainty are two new concepts in this industry. The first one is applied to the probability and only outcomes are considered. There is large number of risk present in adapting large number of technologies like organizational risk, social risk and lastly turbulence.
Privacy: Uber ridesharing platform aims to collect various kind of sensitive information related to customers like mobile number, data of geolocation and lastly information of credit cards (Detsky and Garber 2016). Various ridesharing organization has complained regarding the inappropriate use and gathering of data. Different critics have also stated that Uber-like big data organization that is changing its business and gaining wealth related information. It mainly focuses on gathering new kind of services and generating huge amount of revenue by selling data (Engin and Treleaven 2018). If Uber collects information related to journalists, venture capitalists and lastly elected officials in improve way then it can easily huge amount of disaster. In the last few years, Uber has been working hard to improve its privacy policy, the organization is not sure of the fact that whether its policy will be effective in near future. In 2017 November, Uber confirmed about the fact that privacy is not that much serious concern for its Singapore citizen. It has been mainly done because PDPA has already provided privacy of citizen in the year 2012 (Cohen 2018). There are some challenges and additional requirements which are introduced to PDPA in the year 2017. Apart from this, there are some additional cybersecurity based measured against which the organization will be fined if the citizen makes use of private information in any illegal way.
Safety: The safety of customers comes into picture for various users in ridesharing in various parts of Singapore (Ann and Iqbal 2017). Many times customers can easily feel unsafe when they are driven by strangers in cars. In comparison to taxi drivers, ridesharing drivers are not that much professionally trained and properly licensed. There are many kinds of background checks which is used by ridesharing which is not as much strict as taxi driver’s parts (Engin and Treleaven 2018). Drivers of ridesharing do not need to conduct any kind of fingerprint scans while the taxi drivers need to do. There are many cases of molestation, driving force which has been influenced in the court. Apart from this, there is large number of vehicles which are used for ridesharing that are not reported. Uber does not need inspection of vehicle on regular interval. And same level of vehicle inspect comes into picture for conventional taxis which is not applied to cars. Various researchers have also argued about the fact that car drivers tend to earn much more money. There are many drivers in Singapore who are intended to buy second-hand car for working in Uber. They mainly do this as there is high cost involved in buying new kind of cars (Kamal and Chen, 2016). The concern is mainly raised as the drivers want more amount of money and not focus on involved risk. The acknowledgment is mainly done by the issues which are not limited to drivers only.
Influence on industries: Ridesharing is very disruptive in nature which implies that the output or result can easily anticipate effect of the given industries. Taxi drivers can easily view ridesharing organization as a competition (Kitchin, 2016). Taxi drivers can easily make claim regarding the use of various ridesharing platform like Uber. It can easily create negative influence on their overall business. Taxi riders have also argued regarding the fact that ridesharing does not need to comply with the overall price of customer’s protection. It can easily result in unfair kind of advantage. Uber focus on employing an overall surge in the price at the time of high demand. In the year 2015, Uber has increased its fare at the time of high demand (Laudon and Traver, 2017). It has ultimately resulted in various kind of disruption. It has ultimately lead to huge kind of disruption in train lines.
Liability: Ridesharing is considered to be an innovative technology which has ultimately resulted in both non-professional and non –regulated workers (Scassa 2017). There is large number of ride-sharing drivers that make use of rental cars so as a result the car may not be insured in proper way. At the time of accident, it may ultimately result in various kind of losses for both passengers and drivers. With the help of insurance, there is large number of unsolved legal question which is taken into consideration for various kind of question at the time of involvement of ridesharing. Uber has ultimately denied any kind of liability for any kind of accidents that occurs at the time of making use of services (Tian 2016). The argument of Uber does not only provide platform which facilities both machine divers with passengers. It does not bear any kind of legal responsibilities for damage of property and injuries to passengers caused by drivers. There has been argument with respect to responsibilities for various organization which is needed for enjoying profits but can easily result in some other kind of risk (Noto La Diego 2016). In Sep 2016, an accident took place in Singapore in which 19-years old died. There are many additional deaths which have taken place due to negligence of Uber. At present, there is no solution to deal with accidents and court which have been addressed due to issue caused by case study. PDVL ordered to mandatory insurance from private hired drivers along with compulsory seat for children that focus on overcoming liability issues.
Automation: As there has developed in ridesharing in Singapore, automation has come into picture (Engin and Treleaven 2018). It was mentioned in the year 2016 Sep, two driverless cars have been developed and set in partnership with Uber which allow the users to try them for free. Later on, In the year 2016, Uber made an announcement regarding the Japanese automaker that is Honda which is in collaboration with motorbike based services. Both Uber and Honda will make a partnership for autonomous ridesharing that will come in action in near future. Automation in the field of ridesharing can easily bring huge amount of changes in the given transport system. It will ultimately reduce any kind of facility related to crashes along with increase in mobility of the elder based services (Detsky and Garber 2016). It will ultimately result in increase in overload, lower value of emissions and lastly increase in saving for fuel. It might bring new kind of challenges for decision makers. It can easily result in unemployment in various taxi and private car drivers. It has ultimately resulted in decrease in demand on cars for various drivers. Apart from this, it can easily result in decrease in demand for cars along drivers. It can easily result in decrease in demand number of deaths as driver encounters errors in various motor-vehicle. General Insurance organization is very engaged in LTA along with implication of AV which is needed for insurance (Cohen 2018). Apart from this, it focuses on gathering new kind of developments. Apart from this, there is new kind of new kind of automation which is major area of concern. Automation is considered to be in the pilot stage and is long before it can be adapted in proper way.
Based on the legal aspects in relation to the data breach incident, the different security executives at the Singapore Law agencies have stated that the Personal Data Protection Companies (PDPC) takes a responsibility in dealing with the raised issues (Opderbeck 2015). The authority also takes responsibility in investigating about the major causes of the data breach incident and whether the company was liable in the incident of breach against the provisions of the Personal Data Protection Act (PDPA). The different kinds of vital laws implemented by the government of Singapore have been able to restrict the unauthorized access to hackers from gaining access to the vital data of the customers. These laws have been helpful for securing the data of the customers in relation to the ridesharing application.
The Land Transport Authority (LTA) have stated that they have expected that the company should be fully transparent within their operations based on protecting the customer data. They should also cooperate with the local regulators in dealing with the higher form of security of the data of the company (Khan et al. 2017). The LTA also suggests that the company should also be cooperative with the law authorities and the IT security executives in disclosing the extent up to which the customers and drivers have been affected during the breach of data breach. A high level of transparency within the entire system would be able to restrict the unauthorized access within the system information. This would also allow the users to remain notified about any form of unforeseen incident.
Uber Technologies Inc. (Uber) have agreed to the settlement with each of the 50 U.S state attorneys general based with the connection with the breach of data that had affected the personal information of the users. The data breach incident had affected the personal information of the driver license numbers of an approx. of 607,000 drivers on a nation-wide basis (Lowry, Dinev and Willison 2017). The Attorney General have also alleged that after the company had learned of the incident of the data breach, they had paid the intruders a ransom amount of $100,000 in order to delete the data of the customers and drivers. The Attorney General had also alleged the company that they had failed to notify each of the individuals about the breach of data (Cunha et al. 2018). The notification that was needed to be provided to each of the customers was needed to be provided to the users should have been provided during the incident.
As per the reports of Pennsylvania Office of the Attorney General, the settlement within the top officials would require the company to pay $148 million to the Attorney General. This amount would be divided among 50 states. In addition to paying the ransom amount, Uber should also be able to undertake certain security measures in relation to the security (Park et al. 2018). These security measures should include:
Information was also collected from the website of the Land Transport Authority (LTA) of Singapore and the different kinds of discussions based within the Parliament of Singapore. Different kinds of examination based on the governance of ridesharing was conducted in order to understand about the different kinds of security measures that are taken by the company. The major kind of changes that were made to the PDPA, which was proposed in Singapore in July 2017 had included the requirements that the organisation should be able to take the responsibility in notifying the users against the incident of data breach (Farnga 2018). According to the new laws that were set by PDPA, the organisation should also be able to notify the customers in case of any kind of data incident within 72 hours of detecting the incident. In case of any kind of critical infrastructure, the Cyber Security Agency (CSA) of Singapore should also be informed about the new form of proposed cyber-security bill.
The law agencies have stated the ride sharing platforms have collected different forms of vital sensitive information about their customers. These include the geo-location data, credit card numbers and telephone numbers of the customers. Some of the users of the ridesharing applications have complained the inappropriate ways of gathering data from the users. Based on the regular incidents in relation to the data breach, it has been seen that there different kinds of major changes that were introduced within PDPA in the summer of 2017. Different other kinds of cyber security measures were also introduced in 2018 with the implementation of Cyber Security Act. This kind of implemented law defined that if the organisation were making use of the private information of the citizens then they should be solely responsible about any form of illegal usage of such kind of information.
In order to manage the major forms of developments of different ridesharing platforms within Singapore and collection of information of customers, it would be necessary for taking different kinds of regulatory actions. In the recent case based on the data breach incident in relation to Uber Technologies, it has been seen that the Parliament had approved the Third-party Taxi Booking Services Act. Under the provisions of the Act, the third-party providers based on taxi-booking service should be conformed to register themselves with the LTA and thus should also comply with the defined regulations (Gan, Chua and Wong 2018). The Singapore government has also developed a PDVL framework based on private hire car drivers, which had come into effect during the first half of 2017.
In addition with the passing of the PDPA Act in Singapore in 2012 and the major amendment in 2017, it has been seen that the use of personal data would be already strictly regulated. In February 2017, it was firmly reported that the LTA would be responsible for setting up of time and different kinds of space limits based on driverless cars. They would thus be able to establish different kinds of design standards based on the equipment within such kind of vehicles. These kinds of laws implemented by the government at Singapore have majorly helped in regulating the different functions performed by the ridesharing applications within Singapore (Ow Yong et al. 2014). They would be able to point for adopting the control-oriented strategy set by the government.
Under the existing Singapore Laws based on enforcing IT security laws, most of the companies including Uber are primarily required to report any kind of incident of security breach. The different licensees of Monetary Authority of Singapore are also mandated to report any kind of incident of security breach. The mandatory approach of reporting any kind of incident of security breach would also be required by different kinds of selected organisations under the upcoming cyber security bill of the country. The cyber security bill have been expected to be introduced in the upcoming year. Under the newly proposed law, the different operators based on local form of critical information infrastructure (CII) should be responsible for taking some necessary steps based on safeguarding their information systems (Hwang, Zhao and Gay 2013). These organisations should also be responsible for reporting any kinds of threats and incidents within their systems within the next 72 hours from the notification of the incident.
On November 30, a bill was introduced based on the Data Security and Breach Notification Act that would require the businesses for reporting the data breaches that would be active within a minimum period of 30 days. This would also institute a maximum period of 5 years of imprisonment for the individuals who would be responsible for concealing the incident of the data breach (Lin et al. 2016). As Uber has been in the highlight within the current process of evaluation, it has been discussed that the hack and history of the security breach incident would have a major form of negative impact on the valuation within the company.
Based on the current issues of data breach within Uber, it has been suggested by the government that these organisations should be proactive in taking certain necessary steps based on protection against the breach of data (Huang et al. 2014). The several kinds of best practices that have been passed by the IT related laws by the government of Singapore are:
References
Agrafiotis, I., Nurse, J.R., Goldsmith, M., Creese, S. and Upton, D., 2018. A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity.
Ann, C.W.S. and Iqbal, N.M., 2017. Open Application Programming Interface (API): A Financial Revolution. Bank Negara Malaysia Quarterly Bulletin, 4, pp.51-57.
Chesterman, S., 2018. Data Protection Law in Singapore: Privacy and Sovereignty in an Interconnected World (Introduction).
Cohen, M.C., 2018. Big data and service operations. Production and Operations Management.
Cunha, F., Maia, G., Ramos, H.S., Perreira, B., Celes, C., Campolina, A., Rettore, P., Guidoni, D., Sumika, F., Villas, L. and Mini, R., 2018. Vehicular Networks to Intelligent Transportation Systems. In Emerging Wireless Communication and Network Technologies (pp. 297-315). Springer, Singapore.
Detsky, A.S. and Garber, A.M., 2016. Uber’s message for health care. N Engl J Med, 374(9), pp.806-809.
Engin, Z. and Treleaven, P., 2018. Algorithmic Government: Automating Public Services and Supporting Civil Servants in using Data Science Technologies. The Computer Journal.
Farnga, M., 2018. Cloud Security Architecture and Implementation-A practical approach. arXiv preprint arXiv:1808.03892.
Gan, M.F., Chua, H.N. and Wong, S.F., 2018. Personal Data Protection Act Enforcement with PETs Adoption: An Exploratory Study on Employees’ Working Process Change. In IT Convergence and Security 2017 (pp. 193-202). Springer, Singapore.
Huang, X., Xiang, Y., Bertino, E., Zhou, J. and Xu, L., 2014. Robust multi-factor authentication for fragile communications. IEEE Transactions on Dependable and Secure Computing, 11(6), pp.568-581.
Hwang, B.G., Zhao, X. and Gay, M.J.S., 2013. Public private partnership projects in Singapore: Factors, critical risks and preferred risk allocation from the perspective of contractors. International Journal of Project Management, 31(3), pp.424-433.
Jiang, Q., Ma, J., Lu, X. and Tian, Y., 2015. An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-peer Networking and Applications, 8(6), pp.1070-1081.
Kamal, P. and Chen, J.Q., 2016, June. Trust in Sharing Economy. In PACIS (p. 109).
Karabat, C., Kiraz, M.S., Erdogan, H. and Savas, E., 2015. THRIVE: threshold homomorphic encryption based secure and privacy preserving biometric verification system. EURASIP Journal on Advances in Signal Processing, 2015(1), p.71.
Khan, S.M., Rahman, M., Apon, A. and Chowdhury, M., 2017. Characteristics of Intelligent Transportation Systems and Its Relationship With Data Analytics. In Data Analytics for Intelligent Transportation Systems (pp. 1-29).
Kitchin, R., 2016. Reframing, reimagining and remaking smart cities. Creating Smart Cities, pp.219-230.
Krishnamurthy, R., Smith, K.L. and Desouza, K.C., 2017. Urban informatics: critical data and technology considerations. In Seeing Cities Through Big Data (pp. 163-188). Springer, Cham.
Larcker, D. and Tayan, B., 2017. Governance Gone Wild: Epic Misbehavior at Uber Technologies..
Laudon, K.C. and Traver, C.G., 2017. E-commerce 2017.
Li, X., Niu, J., Liao, J. and Liang, W., 2015. Cryptanalysis of a dynamic identity?based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 28(2), pp.374-382.
Li, Y., Taeihagh, A. and Jong, M.D., 2018. The Governance of Risks in Ridesharing: A Revelatory Case from Singapore. Energies, 11(5), p.1277.
Lin, T.T., Paragas, F., Goh, D. and Bautista, J.R., 2016. Developing location-based mobile advertising in Singapore: A socio-technical perspective. Technological Forecasting and Social Change, 103, pp.334-349.
Lowry, P.B., Dinev, T. and Willison, R., 2017. Why security and privacy research lies at the centre of the information systems (IS) artefact: Proposing a bold research agenda. European Journal of Information Systems, 26(6), pp.546-563.
Manning, L., 2015. Setting the Table for Feast or Famine: How Education Will Play a Deciding Role in the Future of Precision Agriculture. J. Food L. & Pol’y, 11, p.113.
Noto La Diega, G., 2016. Uber law and awareness by design. An empirical study on online platforms and dehumanised negotiations. Revue européenne de droit de la consommation/European Journal of Consumer Law, 2016(II), pp.383-413.
Olalere, M., Abdullah, M.T., Mahmod, R. and Abdullah, A., 2015. A review of bring your own device on security issues. Sage Open, 5(2), p.2158244015580372.
Opderbeck, D.W., 2015. Cybersecurity, Data Breaches, and the Economic Loss Doctrine in the Payment Card Industry. Md. L. Rev., 75, p.935.
Ow Yong, L.M., Tan, A.W.L., Loo, C.L.K. and Lim, E.L.P., 2014. Risk Mitigation of Shared Electronic Records System in Campus Institutions: Medical Social Work Practice in Singapore. Social work in health care, 53(9), pp.834-844.
Park, S., Akatyev, N., Jang, Y., Hwang, J., Kim, D., Yu, W., Shin, H., Han, C. and Kim, J., 2018. A comparative study on data protection legislations and government standards to implement Digital Forensic Readiness as mandatory requirement. Digital Investigation, 24, pp.S93-S100.
Scassa, T., 2017. Sharing Data in the Platform Economy: A Public Interest Argument for Access to Platform Data. UBCL Rev., 50, p.1017.
Tian, G.Y., 2016. Current Issues of Cross-Border Personal Data Protection in the Context of Cloud Computing and Trans-Pacific Partnership Agreement: Join or Withdraw. Wis. Int’l LJ, 34, p.367.
Wang, F., Xu, Y., Zhang, H., Zhang, Y. and Zhu, L., 2016. 2FLIP: a two-factor lightweight privacy-preserving authentication scheme for VANET. IEEE Transactions on Vehicular Technology, 65(2), pp.896-911.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download