
The key problem with both Lyft and Uber is that employees who had the right to view the data abused the privileges.

While encryption can help to enforce the privileges against technically capable employees, the main problem is the privilege system itself, or lack thereof. 95% of the abuse would be eliminated with no encryption, just proper design of the internal interfaces and queries talking to the plain text database.

And many employees really do need elevated access for their work. It's then imperative to create a privacy-focused internal culture where it's clear that abuses result in termination and civil/criminal actions, and put in place strict access logging and enforce these policies.



Agree completely. Encryption or tokenization is great but a much easier first step which covers the first order problem of employees abusing access privileges is simply a secure audit trail and someone to actually look at the logs and discipline or terminate employees who misuse their access.

There are probably innumerable reasons to have access to a particular ride’s exact route, or a particular user’s ride history, or feedback history, etc. Just like the police have many perfectly valid reasons to run a plate.

Audit logging and request throttling are the low-hanging fruit. If your system can tie each request to the service ticket which prompted it, even better.
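
Added example, not written by either commenter: the controls named in the thread (an audit trail that shows tampering, request throttling, and tying each lookup to the service ticket that prompted it) as a Python access gate. The class and function names, the ticket-to-rider mapping, and the limit values are assumptions made for illustration.

```python
import hashlib, json
from collections import defaultdict, deque

WINDOW_SECONDS = 3600      # assumed throttle window
MAX_LOOKUPS = 3            # assumed per-employee limit inside the window

class AuditedAccess:
    """Gate for internal lookups: ticket required, throttled, hash-chained log."""

    def __init__(self, open_tickets):
        self.open_tickets = open_tickets      # ticket id -> rider id it concerns
        self.recent = defaultdict(deque)      # employee -> times of allowed lookups
        self.log = []                         # append-only audit entries
        self.head = "0" * 64                  # hash of the previous entry

    def _append(self, entry):
        entry["prev"] = self.head
        self.head = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["hash"] = self.head
        self.log.append(entry)

    def lookup(self, ts, employee, rider, ticket):
        window = self.recent[employee]
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()                  # forget lookups outside the window
        if self.open_tickets.get(ticket) != rider:
            decision = "deny:no-matching-ticket"
        elif len(window) >= MAX_LOOKUPS:
            decision = "deny:throttled"
        else:
            decision = "allow"
            window.append(ts)
        # Denied attempts are logged too: they are what a reviewer needs to see.
        self._append({"ts": ts, "employee": employee, "rider": rider,
                      "ticket": ticket, "decision": decision})
        return decision

def verify_chain(log):
    """Return the index of the first altered entry, or -1 if the chain is intact."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or digest != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1
```

The hash chain only exposes edits if the latest hash is also recorded somewhere the people being audited cannot write; otherwise the whole log can be rewritten consistently.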



