You are currently viewing The 23andMe Data Breach and Congressional Scrutiny
Representation image: This image is an artistic interpretation related to the article theme.

The 23andMe Data Breach and Congressional Scrutiny

A Downward Spiral: The Events Leading Up to the Bankruptcy

23andMe, the genomics company that has been at the center of a maelstrom of conflict and controversy, has been in a downward spiral since 2023. The company suffered an unfortunate data breach during this time, which has since led to a series of events that have culminated in the company filing for Chapter 11 bankruptcy in March. The company has been searching for a buyer for its genetic data business ever since.

The data breach has led to significant criticism and concern from lawmakers and regulators. The company has had to lay off numerous employees, and has been involved in multiple lawsuits. Despite these challenges, 23andMe has repeatedly promised to continue protecting customers’ information.

A Congressional Inquiry: Republican Lawmakers Investigate

On Friday, Congressmen Brett Guthrie (R-KY), Gus Bilirakis (R-FL), and Gary Palmer (R-AL) sent a letter to 23andMe, expressing their concerns about the company’s handling of Americans’ data. The letter states that a judge recently ruled that 23andMe has the right to sell the sensitive medical and genetic information of its 15 million customers, which is considered the company’s most valuable asset.

Key Concerns:

  • Difficulty in deleting customer accounts and information
  • Unfulfilled deletion requests
  • Lack of a federal comprehensive data privacy and security law
  • Insufficient vetting process for prospective buyers

The lawmakers are asking 23andMe to explain how many of the deletion requests have been fulfilled, and whether the company has a vetting process in place to determine whether its prospective buyer has a history of implementing data security protections and compliance with sectoral, state, or any other data privacy and security laws.

A Lack of Federal Comprehensive Data Privacy Law

It’s worth noting that while the Republican letter complains of a lack of a federal comprehensive data privacy law, lawmakers have only themselves to blame for this. There have been multiple attempts to pass such a law, but so far, none have been successful. In fact, it can be argued that the lack of such a law has contributed to the current crisis, as companies like 23andMe are left to navigate the complex and often conflicting state and sectoral data privacy and security laws.

A press release from March notes that to constitute a qualified bid, potential buyers must agree to comply with 23andMe’s consumer privacy policy and all applicable laws with respect to the treatment of customer data. This means that the data privacy assurances that the company currently promises will be carried over to whatever company buys the business.

Response from 23andMe

Gizmodo reached out to 23andMe for comment, but the company did not respond.

Concern for 23andMe User Data

Concern for 23andMe user data is high, although the company has repeatedly promised to continue protecting customers’ information. However, the company’s current predicament raises questions about the effectiveness of these promises. Will the company be able to maintain its commitment to data privacy, or will it be compromised by the sale of its business to a new entity?

Conclusion

In conclusion, the 23andMe data breach and congressional scrutiny highlight the need for greater transparency and accountability in the handling of sensitive personal information. As companies like 23andMe navigate the complex regulatory landscape, it is imperative that lawmakers take a more active role in protecting consumers’ rights.

Leave a Reply