For IT & Collaboration Owners
Deliver safe, secure collaboration while satisfying the needs of stakeholders across the business

For Security
Improve your risk posture with a purpose-built solution for collaboration

For Legal
Scale, orchestrate and streamline your eDiscovery process for employee collaboration
For Compliance
Establish a proactive approach to collaboration compliance and information governance

For Employee Experience
Harness insights from surveys and collaboration data to transform the employee experience

AWR-2023_human-behavior-risk-analysis-report_cover art_small
Download the Resource

The Human Behavior Risk Analysis

Learn More →


Connect Aware to the tools you already use to have all your company messaging in one place.

Our Platform

Contextual Intelligence Platform

Aware is a contextual intelligence platform that identifies and reduces risk, strengthens security and compliance, and uncovers real-time business insights from digital conversations at scale.

LEARN MORE → Learn About our AI →
Our Applications


Protect your data and your people with complete, real-time visibility and centralized control of collaboration.

Learn More →

Data Management

Take centralized control and make smarter decisions about what to keep and what to purge.

Learn More →

Search & Discover

AI-powered universal search purpose-built for collaboration. Find information and surfaces the full story—faster.

Learn More →


Automatically capture authentic human signals from modern collaboration to support your most valuable asset.

Learn More →

What's in your data?

Calculate my results →


About Aware

Our leadership, our company


Explore open roles with our remote-friendly, global team


Driving customer value, together

Press Releases

Digital workplace news and insights


How Aware customers streamline operations, reduce risk, and boost productivity


Data security partners & certifications


Get in touch with us


10 Reasons Why Aware is a Top Place to Work

Learn more →


Access reports, webinars, checklists and more.

Explore →


Explore articles devoted to enterprise collaboration, employee engagement, research & more

Explore →
Case Study Promo_2023

How Aware customers streamline operations, reduce risk, and boost productivity

Read More →

The Hidden Cost of Security-Related Consent Decrees - The Secret Weapon of Regulatory Agencies

by Greg Moran

For those of us that have worked in highly regulated industries, consent decrees are not a new concept. However, in the tech industry, many companies are beginning to understand the power of this regulatory weapon.

Last week the FTC slapped a consent decree on Uber for its flawed privacy practices that led to the disclosure of private information for 100,000 Uber drivers. The FTC cannot fine a company for its first violation, so many viewed the consent decree as a slap on the wrist for a serious violation. Perhaps they should have been fined, but let's parse the effect of that consent decree for a moment to see what it really means.

The consent decree forces Uber to submit to annual audits of its privacy practices for 20 years. 20 years…as in the last audit under this decree will occur in 2037. Travis will be in his 60's when the audits stop.

Uber is a big company now, so let's think through the effect of this audit requirement.

It means that Uber must design and deploy a company-wide set of documented policies, practices and technology tools to protect the privacy of drivers and customers (which is good) that must be documented in an auditable way (which is good, but expensive when done in a hurry).

Next, Uber must begin record-keeping practices company-wide that can be audited - this means that you don't just need to follow the new security program, you have to keep records that prove that everyone followed the program.

This is proving a negative and in business process terms is both challenging and expensive. It's almost hard to fathom all the tentacles this consent decree will have on ID administration, infrastructure design, data governance practices, network scanning internally and externally, securing all communication platforms for the data (email, collaboration, etc.). 

Once a year, the FTC will come in and perform the audit (by the way, the typical practice is for the audited company to bear the entire cost of the audit). These audits can be exhaustive - the FTC is not incentivized to make it easy on the target company.

If perchance the FTC finds a violation of the consent decree, they can then fine the company (since it is a subsequent violation by definition). These fines run into the tens of millions (ref. Google's FTC fine of $22.5M for violating a 2011 consent decree). The cold hard reality is that regulatory agencies (at the state and federal level) use fines and oversight fees as a huge source of revenue.

Taken as whole, this is a meaningful financial risk for the company. Uber has to build the cost of all of this into its business model - i.e. the cost of ride. This means they either suffer lower margins (less attractive to investors) or find a way to offset the cost by paying drivers less, advertising less (less attractive to drivers and customers).

When a company is swimming in cash, it can seem like no big deal, but that does not last forever in a business that relies on the laws of physics to exist. Competition increases, margins decrease and then the pain begins…

Wouldn't it be a better idea for tech companies to take this issue seriously from the start and design these practices into their business model from the start

In retrospect, it seems the height of short-sightedness that a company like Uber (founded in 2009) hired its first chief security officer in 2015.

Topics:Compliance Adherence