The FTC said in its complaint that Uber collected the "name, email address, phone number, postal address, profile picture, Social Security number, driver's license information, bank account information (including domestic routing and bank account numbers), vehicle registration information, and insurance information" of its drivers.
The FTC accused Uber of misleading drivers and passengers about how it was using and storing their personal information.
Uber's privacy practices came in for criticism in November of 2014, when it emerged that the company had an internal tool, "God View", that gave employees access to customers' geolocation data while en route.
Uber settled FTC allegations that it failed to protect users and driver data from access by company employees and outside hackers, despite its pledges to do so.
Uber publicly claimed it was closely monitoring employee access to consumer personal information and developed an automated monitoring system in December 2014, but the FTC says that between August 2015 and May 2016 it didn't act on the system's automated alerts in a timely fashion.
As part of this recent settlement, Uber "neither admits nor denies" any wrongdoing, but has agreed to implement the changes ordered by the FTC.
Ezekiel Elliott Suspended Six Games Under Personal Conduct Policy
But even in the event he has the suspension decreased upon appeal, he'll more than likely be out against the Giants in Week 1. The Cowboys expected much of the same this season but the suspension puts their plans for a strong start in serious jeopardy.
The settlement is the latest in a long string of legal headaches for Uber, which is being sued by Google's Waymo unit for stealing trade secrets and is facing another lawsuit from drivers alleging they were systematically short-changed by its algorithms.
The settlement comes as Uber is trying to move beyond a tumultuous period in which co-founder Travis Kalanick was ousted in June as chief executive officer following accusations that the company created a hostile environment for female employees under his leadership.
In a statement, Uber said it has steadily improved its data security guidelines since 2014 and welcomed the agreement with the FTC. The complaint involved practices that date as far back as 2014. On a conference call discussing the settlement, the FTC's Ohlhausen indicated the order was meant to promote change in that culture. The FTC said Uber did not require engineers and programmers to use distinct access keys to access personal information stored in the cloud.
Kristin Judge, director of government affairs at the National Cybersecurity Alliance, said consumers should take care to read privacy policies for all apps, not just location-based services, to be clear on what information they are sharing.
"This case shows that, even if you're a fast growing company, you can't leave consumers behind: you must honor your privacy and security promises", Maureen K. Ohlhausen, the FTC's acting chairman, said in a statement.