When employees at Lyft log into their computer to look up information about a Lyft customer or driver nowadays, a warning message flashes on their screen with a reminder that their actions are logged and could be audited. Introducing the warning is just one of a series of changes Lyft has made over the past year to better protect customer privacy after someone claiming to be an employee said that Lyft workers were accessing the personal information of celebrities and stalking former romantic partners.
The changes followed a 2018 investigation by the company and some haven’t previously been reported. They include limiting access to user information to only those employees who need it as part of their day-to-day jobs and revising a process for employees to request access to user data. But the effectiveness of the changes is unclear. Employees describe the enhanced data security measures as relatively minor, consisting mostly of formalizing training for new workers. Employees, including people originally hired by outside contracting firms working with Lyft, are still able to look up a wide range of user information, including name and cell phone number.