Investigation Launched by British and Canadian Privacy Watchdogs into 23andMe Data Breach

As part of their memorandum of understanding, the Information Commissioner’s Office and the Office of the Privacy Commissioner of Canada have launched a joint investigation into the security incident at 23andMe that exposed the data of 6.9 million users. They are particularly interested in determining whether the company, specializing in recreational genetic testing, has taken adequate measures to protect the personal data of its over 14 million users.

The data protection authorities in the UK and Canada announced on June 10 the initiation of a joint investigation into the data breach of the American company 23andMe, specializing in recreational genetic testing. Under the memorandum of understanding, this procedure allows the Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada to pool their resources and expertise.

What security measures has 23andMe taken?

The purpose of this investigation is multifaceted. Initially, the authorities aim to examine “the scope of the information” that was exposed during the security incident and “the harm” that could be caused to the individuals affected. Additionally, they want to determine if 23andMe has implemented “adequate security measures” to protect the data of its users, which is “highly sensitive” in nature. Finally, they will look into whether or not the American company followed the proper data breach notification procedures.

This article is reserved for our Data Protection Club subscribers. Support expert journalism.

**Related Topics**
– Concerns over the use of “multi-personal” data from recreational genetic testing
– Hacker threatens to sell genetic data of 14 million individuals from 23andMe

**Associated Topics**
– Cybersecurity
– Health
– Personal data
– Databases
– Data management
– Canada
– United Kingdom