23andme ‘failed to take basic steps to protect personal information, finds check out
An investigation by Canada’s Privacy Commissioner found that the DNA testing company 23andme did not have enough data protection and was ignored by further warning signs of large -scale data violations about two years ago.
Commissioner Philip Dufts told reporters that 2023 did not have proper protection when hackers had access to about 6.9 million profiles on the site – about half its customer base.
“Violation acts as a careful story for all organizations about the importance of data security,” Duchry said during a news conference on Tuesday.
“With data violations growing in severity and complexity – and rapid growing in ransomware and malware attacks – no organization that is not taking steps to prioritize data security and addresses these dangers, rapidly weakening.”
The customer profiles included delicate personal data, in which the birth year, geographical location, health information and DNA share the percentage of users with their relatives. Dufresne said that some theft information was later being sold online.
The investigation was launched in collaboration with UK Information Commissioner John Edwards last year.
Edwards said, “23andme failed to take basic steps to protect people’s information, their security system was insufficient, warning signs and the company was slow to respond.”
Like other genetic testing businesses, 23andme uses saliva samples to generate reports about potential rehearsals for some health conditions along with a customer’s lineage.
At a joint press conference held in Ottawa on Tuesday morning, UK Information Commissioner John Edwards fined a 2.31 million GBP against genetic testing company 23andme. The decision follows a collaborative investigation with Canadian Privacy Commissioner Philip Dufts. Edwards said that the company failed to implement the fundamental security measures required to protect personal information worldwide.
The Commissioners said that around 320,000 canadians and 150,000 people in Britain were affected by a violation of 2023.
Edwards said the UK slapped the San Francisco -based company with a fine of $ 4.2 million on data breeches, but Dufrein said they did not have the power to hit the company with monetary punishment.
“(Right to fine companies) is something that is roughly present worldwide among the privacy authorities and it is something that is necessary. Unfortunately, the Canadian privacy law does not provide me yet,” Dufrein said.
legal Changes in the past have been proposed This would give the right to fines the privacy commissioner, but was never implemented. The Dufurge said that they hope that the new Parliament would soon propose changes again.
Canadian Privacy Commissioner Philip Dufts call for better equipment, saying that the Canadian law prevents them from issuing fines such as their UK counterparts, after the global data violation of the Genetics Testing Company, imposed a fine after checking the Genetics Testing Company 23andme.
23andme filed for bankruptcy earlier this year and announced that he would sell his property – meaning that customers’ data could be “access, sold or transferred.” However, the company said that the bankruptcy process would not affect how this customer stores, management or protects.
Dufrezne and Edwards said they hope that the company would adequately protect the user data during any sale.
“We will follow it carefully … (privacy) obligations should continue to apply to any new owner,” said by Dufreas.
