Uber and New York Attorney General Eric Schneiderman reached an agreement Wednesday over investigations into the ride share company’s controversial data collection and analysis methods.

The attorney general’s office looked into reports that began in 2014 about Uber employees had access to riders’ locations, through an aerial view.

Schneiderman’s office was also investigating Uber for a 2014 breach of data that contained driver names and license numbers and wasn’t uncovered until nearly a year later.

As part of its agreement with the state, the company pledged to limit geolocation information to “designated employees with a legitimate business purpose,” encrypt the data and adopt multi-factor authentication to prevent it from getting into the wrong hands. Uber also agreed to pay a $20,000 penalty for failing to inform drivers about the data breach.

“I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers’ and employees’ private information,” Schneiderman said in a statement.