“Corporate Citizenship is a recognition that a business, corporation or business-like organisation, has social, cultural and environmental responsibilities to the community in which it seeks a licence to operate, as well as economic and financial ones to its shareholders or immediate stakeholders. Corporate citizenship involves an organisation coming to terms with the need for often radical internal and external changes, to better meet its responsibilities to all of its stakeholders (direct or indirect), to establish, and maintain, sustainable success for the organisation, and, because of that success, to achieve long term sustainable success for the community at large.” (Corporate Citizen Research Unit at Deakin University in Australia)
From the above definition, it becomes clear that an organisation should be fully aware of its responsibilities and what needs to be done to fulfil these responsibilities. Today, we look closely into Uber – who in recent times has struggled in the security and privacy of both its customers and drivers – to determine if its actions have displayed efforts towards good corporate citizenship, or otherwise. Forming the basis of our inquiry is the article published by Reveal in December 2016, where Ward Spangenberg, a former security professional with Uber, was reported to have said, “Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses.” That raises a huge red flag!
Uber was founded in March, 2009 by Travis Kalanick and Garret Camp in San Francisco, California, USA. Ever since its launch in May 31, 2010, the company has made breakthroughs in over 500 cities worldwide. In an article published by Marketing Interactive in January 2016, Uber in 2015 claimed to have completed its 1 billionth ride since its launch. Also, in October 2016, it was reported that 40 million riders used the service in a single month (Fortune Magazine, 2016). Clearly, Uber has gained and maintained success since its launch.
However, along with its success in many countries of the world – including Nigeria – it has suffered some criticism. In cities such as Paris, Costa Rica, Brazil, Indonesia and Cape Town, the local taxi drivers operating have protested Uber, and even attacked some of its drivers. These local drivers have acted in response to the threat that Uber has bitten off a significant chunk of the market, threatening their major source of income; and in some cases, Uber failed to meet and liaise with these drivers. Therein lies the first mistake: before entering the local community, Uber should have taken the requisite steps to fully understand the space in which it wanted to operate and adopted an attendant market strategy.
Moving on to the major issue here, concerns regarding customer privacy had been raised even before the comment by Spangenberg reference earlier. In an article by TechCrunch in 2014, Senator Al Franken, Chairman of the Subcommittee on Privacy, Technology, and the Law had in a public letter to Uber CEO, Travis Kalanick, stated, “I am especially troubled because there appears to be evidence of practices inconsistent with the policy [Uber spokesperson] Ms. Hourajian articulated. It has been reported that a tool known as ‘God view’ is ‘widely available to most Uber corporate employees’ and allows employees to track the location of Uber customers who have requested car service.” This is especially troubling in recent times where security has become a national concern, especially in Nigeria. If Uber is unable to protect the data of its users, or communicate its efforts at doing so, the reputation will continue to inadvertently take blows to its reputation, but more importantly, will lose its credibility as a responsible business or a trustworthy partner.
In an article published in February 2015 by ArcTechnica, Uber’s Managing Counsel of Data Privacy, Katherine Tassi, revealed that it had suffered a data breach more than nine months before, where driver names and license plate information on approximately 50,000 drivers were disclosed. While this breach was discovered by Uber in September 2014, it reportedly waited close to five months before notifying the affected drivers. By doing so, Uber left its drivers vulnerable to attack for close to 5 months, with no forewarning or instruction to take extra precautions. As Claire Gartland, of the Electronic Privacy Information Center so succinctly put it, “The idea that Uber is so cavalierly taking very little responsibility for protecting your information should be concerning to everyone” (Reveal, 2016)
Though Uber has enjoyed success over the years, and has penetrated large cities worldwide, there are still numerous doubts as to whether it is meeting up to its responsibilities as a good corporate citizen. Its users’ privacy and safety should be its number one concern, yet it seems to have failed to fully grasp the importance of this issue to its stakeholders, and blatantly positions itself with constant privacy controversy.
Summarily, it is interesting to see how the story unfolds, particularly because of the significance of data security and privacy to technology companies in building a sustainable business. As more awareness is raised over Uber’s infractions, we expect to see the company face strict regulations in countries that will inspire it to revaluate its current somewhat flippant attitude, and make the requisite steps towards compliance. Same goes for other organisations: as a responsible corporate citizen, you should strive towards sustainable success through inclusive and progressive business practices that your stakeholders can trust. It is crucial to remember that corporate citizenship should be treated with the highest regard.