23andme Chapter 11 files: What is the following for your data?

23ndme created a name for himself by selling DNA testing groups at home that gave ordinary people a look at their potential ancestors as well as genetic signs that could indicate possible medical problems on the road.

People bought the idea and bought groups. The company achieved a lot of money, and its value was up to $ 6 billion when it was announced in 2021. But the demands in the end faded and also achieved 23ndme profits. Its value decreased to about $ 50 million last week. The company also suffered Break the huge data in 2023In addition to the costs of fixing and destroying confidence in its data security practices. Late last year, she said it would exclude 40 % of the workforce.

So it was not a big surprise that after the last offer failed by the CEO to take the private company, 23andme is ultimately It was presented for Chapter 11, bankruptcy protection In late March, she said that she hopes that this step will help her Get rid of more costs and achieve the sale of the company.

Now, the possibility of sale supervised by the bankruptcy court has private data experts. From a financial point of view, the 23ndme group consisting of millions of genetic samples and reports are easily easily balance. But for the company’s customers, it is some of their most private and personal information.

In announcing the submission of bankruptcyMark Jensen, Chairman of the Special Committee of the 23andme Board of Directors, said that the company “is still committed to continuing to protect customer data and transparency about user data management to move forward.”

“The privacy of data will be important in any possible treatment.”

But it is not clear how much control of 23andme is on whom, if anyone, buy the company and what they choose to do with the consumer data treasure. In Chapter 11, the judge is supervised by the case, not the company itself, which has the final statement about who is the buyer.

“The problem we face at this exact moment is that we have more questions than answers,” said Aaron Rose, a security engineer with Check Point on Monday.

Rose noted that although consumers seemed to ignore data breach 2023 for the company, which led to a compromise of personal information for about half of the 14 million company users at that time, it seems that the filling was a required awakening call.

“People did not take (the breach) seriously,” said Rose. “We now have a position that we do not know who will bear the ownership of this data.”

Fears about data safety

Rose said that the idea of ​​unknown ownership has many consumers justified. He has some data privacy experts who advise them to delete their 23ndme accounts and request the destruction of their samples and other data.

Ryan Solkin, a partner at the Lawyer Bench and the leader of the Data Protection Group, said that in many ways he was unprecedented. Although hospitals and health insurance companies have passed the process of Chapter 11, the 23ndme issue may be first, given the huge quantities of the genetic and genetic data concerned.

In general, Sulkin said, when companies are sold, people’s data remain protected under the applicable privacy policy when collecting these data.

But at the same time, there is no comprehensive federal privacy law in the United States that would protect 23andme data. He said that laws such as the law of health insurance and accountability do not apply, or HIPAA, in this case, because although 23ndme data may seem medically directed, it is not health care data as specified in this law.

Solkin said that users who live in one of about 20 states have approved their data privacy laws may have some protection. He properly expected that the Federal Trade Committee can be concerned with the issue and make it know that it wants to protect consumer data.

Chairman of the Federal Trade Committee Andrew Ferguson on Monday I issued a message to the American guardianSaying that many Americans are concerned about the potential effects of bankruptcy on the privacy of their data. He said that FTC believes that it is in line with the Federal Banking Law, the company must maintain the promises written in the current data privacy policy.

But in the end, the fate of the company’s consumer data will be determined by the bankruptcy court, which Sulkin said is likely to appoint the grievance secretary who will be at least in theory, the responsibility of protecting privacy rights for consumers.

“But regardless of this, there will be tension between the bankruptcy task to protect the largest possible value within the company and at the same time respect the rights of individuals,” he said.

Solkin said that one thing that must be monitored is potential buyers 23andme, especially if they depend at least, or at least partially, outside the United States. He referred to the ongoing controversy over Tijook, that is, legislators Voice for the ban last year On concerns about data collection practices and its relationships with China.

Solkin said the judge could choose to reject an offer from a foreign company due to similar concerns.
23ANDME notes that any possible sale will also be approved by federal organizers and must comply with US monopoly regulations and laws that govern foreign investment in American companies.

Time to delete?

Given the uncertainty that continues to rotate around the future of 23andme, people who are concerned about the privacy and security of their data may want to delete their accounts and request the destruction of their data sooner and not later.

This is chosen by Darren Williams, founder and chief executive of the Cyber ​​Security Company, Blackfog, to do. He also confirmed that his family members did the same.

Although the data sharing practices in 23ndme will change any time soon, there is always a possibility that consumer data will end in the hands of the error, whether by violating another data or selling a company that is not careful as it should be with consumer data.

“Unfortunately, we live in a world now where data nomination is the rule, not the exception,” Williams said. “As soon as this data is launched on the dark network and is already taken, there is no way to restore this data.”

He said it is still unclear what Internet criminals could do with these data if they put their hands on them. Experts have long been concerned about what could happen if health care data is stolen in breach, but most of the online criminals are still financially enthusiastic, and they have not yet found a way to earn money from medical information.

At least, the more attackers around any specific person, the greatest profile they can build from them, Williams said, which exposes them to the risk of socially engineering and other online attacks.

While these concerns are valid, Rose said that it is up to the individual user of risk weight for bonuses and then determining whether they want to delete their account. Rose, a 23ANDME user for a long time, said he is doing this now.

Regardless of how to run the 23ndme case, Rose said he hoped to make people more aware of their personal data, and demands them to think twice before delivering data to companies.

From Sulkin’s point of view, 23ndme users who are concerned about safety and privacy are the best from deleting and destroying as soon as possible, only given the uncertainty surrounding the case. But he also hopes that people will be more careful with their personal information.

“Just because they provide their information to the company A today, it does not mean that the company” A “will seem the same year from now, two years from now or three years from now.” “They need to be aware of that.”