23andMe files for Chapter 11: What's next for your data?
23andMe made a name for itself by selling at-home, mail-in testing kits that give ordinary people a look at their possible background, as well as genetic markers that can point to potential medical problems along the way.
People bought into the idea and bought the kits. The company made a lot of money and its value reached $6 billion when it went public in 2021. But eventually demand faded, and so did 23andMe's profits. Its value dropped to about $50 million last week. The company also suffered a massive data breach in 2023, adding to its mounting costs and destroying trust in its data security practices. At the end of last year, it said it would lay off 40% of its workforce.
So it was not a big surprise that, after the failure of a last-ditch offer from the CEO to take the company private, 23andMe eventually filed for Chapter 11 protection at the end of March, saying it hoped the move would help it cut more costs and lead to a sale of the company.
Now the prospect of a sale controlled by a bankruptcy court has data privacy experts worried. From a financial point of view, 23andMe's collection of millions of genetic samples and reports is easily its biggest asset. But for the company's customers, it is some of their most sensitive and personal information.
When announcing the bankruptcy, Mark Jensen, chairman of the Special Committee of the Board of Directors of 23andMe, said the company “remains committed to continuing to protect customer data and being transparent regarding the management of user data going forward”.
He added that “the privacy of the data will be an important consideration in any potential transaction.”
But it is not clear how much control 23andMe will have over who, if anyone, buys the company and what that buyer decides to do with its treasure trove of consumer data. In a Chapter 11 sale, it is the judge overseeing the case, not the company itself, who has the last word on who the buyer is.
“The problem we have at this exact moment is that we have more questions than answers,” Aaron Rose, a security architect with Check Point Software, said on Monday.
Rose noted that while users seemed to shrug off the 2023 data breach, which led to the compromise of personal information of about half of the company’s 14 million users at the time, the bankruptcy filing seems to have been a wake-up call.
“People did not take (the breach) that seriously,” Rose said. “Now we have a situation where we do not know who will take over ownership of this data.”
Concerns about data security
The thought of unknown ownership has many users justifiably upset, Rose said. And some data privacy experts are advising them to delete their 23andMe accounts and request that their samples and other data be destroyed.
Ryan Sulkin, a partner at the law firm Benesch and the leader of its data protection group, said that in many ways the case is unprecedented. Although hospitals and health insurance companies have gone through the Chapter 11 process, the 23andMe case may be a first, given the huge amounts of biometric and genetic data involved.
In general, Sulkin said, when companies are sold, people’s data remains protected by the privacy policy that was in place when the data was collected.
But at the same time, there is no comprehensive federal privacy law in the US to protect 23andMe data. Laws such as the Health Insurance Portability and Accountability Act do not apply in this case, he said, because although 23andMe data may appear medical in nature, it is not healthcare data as defined by that law.
Consumers who live in one of the roughly 20 states that have adopted their own data privacy laws may have some protection, Sulkin said. And he correctly predicted that the Federal Trade Commission might take an interest in the case and make it clear that it wants users’ data to be protected.
FTC Chairman Andrew Ferguson on Monday issued a letter to the U.S. Trustee saying that many Americans are concerned about the potential effects of the bankruptcy case on the confidentiality of their data. He said the FTC believes that, under federal bankruptcy law, the company must honor the promises stated in its current data privacy policy.
But in the end, the fate of the company’s consumer data will be determined by the bankruptcy court, which Sulkin said would probably appoint an ombudsman who would, at least in theory, be responsible for protecting consumers’ privacy rights.
“But no matter what, there will be a tension between the bankruptcy court’s mission to protect as much value as possible within the company and, at the same time, to comply with the privacy rights of individuals,” he said.
One thing to watch, Sulkin said, is who the potential 23andMe buyers are, especially if they are based, or at least partially based, outside the US. He pointed to the ongoing disputes over TikTok, which lawmakers voted to ban last year over concerns about its data collection practices and links to China.
The judge could choose to reject the offer from a foreign company because of such concerns, Sulkin said.
And 23andMe notes that any potential sale would also have to be approved by federal regulators and must comply with antitrust rules and US laws regulating foreign investment in US companies.
Is it time to delete?
Given the uncertainty that continues to swirl around the future of 23andMe, people who are worried about the privacy and security of their data may want to delete their accounts and request that their data be destroyed sooner rather than later.
This is what Darren Williams, the founder and CEO of the cybersecurity company BlackFog, chose to do. He also made sure that his family members did the same.
Although 23andMe's data sharing practices will not change soon, its users’ data could always end up in the wrong hands, whether through another data breach or a sale to a company that is not as careful as it should be with users’ data.
“Unfortunately, we live in a world where data exposure is the norm, not the exception,” Williams said. “And once this data has made it out onto the dark web and is actually taken, there is no way to get this data back.”
It is not clear what cybercriminals could do with this data if they got hold of it, he said. Experts have long been worried about what can happen when healthcare data is stolen in a breach, but most online criminals remain financially motivated and, for the most part, have yet to find a way to make money from medical information.
Nonetheless, the more information attackers have on each person, the bigger the profile they can build of them, Williams said, putting those people at risk of socially engineered phishing and other online attacks.
Although these concerns are valid, Rose said it is up to the individual user to weigh the risks against the rewards and then decide whether they want to delete their account. Rose, also a longtime 23andMe user, said he was in the middle of that process himself at the moment.
Regardless of how the 23andMe case plays out, Rose said he hopes it makes people a little more aware of how much of their personal data is out there, and encourages them to think twice before handing over data to companies.
According to Sulkin, 23andMe users who are worried about security and confidentiality are best off deleting their accounts and having their data destroyed as soon as possible, simply given the uncertainty about the case. But he also hopes people will be more careful with their personal information.
“Just because they provide their information to company A today, it does not mean that company A will look the same a year from now, or two years from now, or three years from now,” Sulkin said. “And they should keep that in mind.”