Uber’s recent FTC settlement, in which it agreed to implement a comprehensive privacy program designed to address privacy risks and protect consumers’ confidential information, highlights the utility of a privacy impact assessment (PIA), which may help other companies stay out of the agency’s crosshairs in the first instance. This article summarizes Uber's settlement of FTC claims that were based on allegations that it failed to properly protect consumers’ personal information, and covers the role of a PIA in designing a comprehensive privacy program, including what the process should entail, who should be involved, cost-benefit considerations and how it helps to fulfill regulatory obligations. See also “Privacy Leaders Share Key Considerations for Incorporating a Privacy Policy in the Corporate Culture” (Oct. 19, 2016).