Uber was a company in transition when Ruby Zefo began her tenure at the company in August 2018.
The ride-hailing app was recuperating from an embarrassing 2016 data breach incident, where two hackers accessed the names, email addresses and phone numbers of 25 million U.S users and drivers.
Instead of reporting the incident, as required by the law, Uber paid the hackers $100,000 to delete the data. And as a result, the company paid $148 million to settle claims. Former CEO Travis Kalanick was running the company at the time, before stepping down in the middle of 2017 amid a string of accusations about the company’s culture and ethical practices.
A lot was changing within the walls of the San Francisco-based company, especially around its approach to privacy.
“Some companies spend a lot of time thinking about privacy, and some don’t,” said Zefo. “Uber had to learn it the hard way, which is why they hired me pre-IPO to help turn it around.”
Now, Uber is a company with revenues of $31.8 billion in 2022 and an ads business worth $500 million, which it plans to grow to $1 billion by 2024, per its February earnings. In October, it said it will launch ads before and during a customer’s ride via the app.
As Uber’s first chief privacy officer, Zefo got her first taste of a privacy-driven role at her previous company, Intel Corporation, in 2011. Following the launch of a consumer-facing set-top box that came complete with a camera so the company could see who was in the room, Zefo was dropped overnight into the role of a legal director for IT, privacy & security.
Inside Uber’s CPO’s day
Currently at Uber, a majority of Zefo’s day involves deciding whether certain data incidents qualify for breach investigations. Along with this, she delegates legal work involving privacy updates and policy-making protocols across her team.
“Every company has minor incidents where you’re wondering what happened with some data,” she told Adweek. “I make the call every day on what incident is a problem.”