The One Big Problem With Gig Economy Contract Workers
In the new and steadily growing gig economy, risk of data exposure can potentially be spread far wider: across thousands of contract workers.
March 19, 2018 at 12:54 PM
The original version of this story was published on Legal Tech News
Managing cybersecurity risk has quickly become one of the biggest organizational concerns of the 21st century, especially when that risk is distributed across a number of employees, partners and third-party vendors. But in the new and steadily growing gig economy, that risk can be spread far and wide: across thousands, even hundreds of thousands, of contract workers.
Eversheds Sutherland partner and U.S. leader of the firm's global cybersecurity and privacy practice Michael Bahar explained that for enterprising hackers looking for personal information, a gig economy company presents an enormous trove of valuable data. “Some of these companies, like the Ubers, they become the iconic 'bank.' People know that there's a lot of personal information, both of the driver or the person moonlighting, as well as their customers,” he said.
Indeed, Uber Technologies Inc. has been subject to a barrage of data breach attempts, at least one of which exposed the names, email addresses and phone numbers of 57 million Uber users and the driver's license numbers of at least 600,000 drivers. A 2014 breach of the ride sharing company's data similarly exposed names and license information for upwards of 50,000 current and former drivers.
Risk of data exposure can be particularly precarious for gig workers themselves. Recent data collected by Harvard and Columbia University researchers found that many gig economy providers often require contractors to upload sensitive information, such as driver's license information, proof of insurance and location data, that can put them at serious fraud and safety risk if exposed.
The same study found that while companies tend to provide their employees with regular cybersecurity training, they often don't extend this training to contract workers, leaving many contractors relatively unaware of what they need to do to keep both their own and company data safe. Malicious hackers seem to have picked up on this trend, the researchers said, and have begun targeting gig workers with phishing attacks that can expose their personal information.
Hanson Bridgett attorney Everett Monroe explained that this dynamic can put companies in a weird place. “The individual companies don't have a lot of control, and the independent contractors don't have a lot of knowledge. You probably want your gig worker to have better data security, but there's not a lot of incentive and knowledge for them to build it,” he said.
One way to deal with this is by creating secured software channels, like an app, for gig workers to interact with company systems. Indeed, larger companies with broad independent contractor pools, the Ubers and Lyfts of the gig economy, typically manage contractors remotely, meaning that they often use the same kinds of technology for contractor-facing systems as they do for consumer-facing ones. “Usually they're all going through some mobile platform. So as long as that's secure,” Bahar said, companies should be protected.
“The trick with contractors and third parties is that if they touch your network in a meaningful way, that provides a vector of attack such that if they're not secure, you're not secure,” Bahar added.
This too can have pitfalls. The research from Harvard and Columbia found that some of the ways in which gig economy providers attempted to insure themselves against liability with gig workers, like requiring multiple identity verification, can be easily emulated and exploited by phishing schemes.
Bahar noted that for gig economy providers clamoring to be the next big thing and trying to impress venture funding, considering the cybersecurity concerns introduced by a gig-based business model often falls secondary to business development. “When you have a first-to-market approach, you're usually not first-to-security as well. The more things are the Uber of this and the Uber of that—everyone's racing to do that, which is endemic throughout the system, that they're not taking cybersecurity first to the system,” he said.
Although those filing litigation against gig economy providers for data breaches haven't been particularly successful thus far, that may not be the case forever. Danielle Urban, partner at Fisher & Phillips, said lawsuits in this area seem to be on the rise. “We've seen more lawsuits. The lawsuits haven't been particularly successful, although they continue to try novel areas of law, and I think there will be some inroads,” she said.
“It's very much unknown terrain legally. You don't want to look like you have too much control of your contractors,” Urban added.
In many ways, gig economy providers have nearly the same concerns and imperatives as your standard company operating in today's networked landscape. “I don't personally see any special issues, other than I think that much like employers, I think gig economy providers need to realize that their contractors are also a vulnerability,” Urban noted.
Monroe suggested that reframing cybersecurity as a concern located within people and the supply chain, rather than technology, can be an important way to go. “The way I would approach this is understanding that data security is quite often about how you are working with humans as opposed to a virus risk or some kind of advanced technology threat vectors. When you're keeping that in mind, first a comprehensive data security policy I think is just a must,” he said.
Urban flagged a few potential things gig economy providers can do to reduce their cybersecurity risk. “There are some best practices if you are a gig economy provider. I think you'd want to make sure that your contracts with contractors specify certain precautions that they would take,” she said, adding that specifying within contracts what procedures companies plan to take in the event of a breach can help reduce uncertainty.
“It's a fine line with gig economy providers, because they aren't your employees and you don't want to treat them as employees, but you'd want to make sure that the supply chain is as protected as it can be,” Urban said.