British and Canadian authorities launch investigation into data breach at 23andMe

The British and Canadian data protection authorities announced on June 10 the launch of a joint investigation into the data breach of the American company 23andMe, specializing in recreational genetic testing. Formed in a memorandum of understanding, this procedure allows the Information Commissioner's Office (ICO) and the Office of the Privacy Commissioner of Canada to pool their resources and expertise.

What security measures has 23andMe taken?

The objective of this investigation is plural. As a first step, the authorities wish to examine “the scope of the information“having been revealed during the security incident and”harm“which could be caused to the individuals concerned. Also, they want to know if 23andMe has taken “adequate security measures“to protect user data”very sensitive in nature“Finally, they will look into whether or not the American company complied with the notification procedure in the event of a data breach.



This article is reserved for our Data Protection Club subscribers

Support expert journalism.

Already subscribed?
Log in

Selected for you