Data Protection Implications of 23andMe's Bankruptcy: Lessons for DPOs

The recent bankruptcy of DNA testing company 23andMe has raised significant concerns about the protection and potential sale of customer genetic data. As Data Protection Officers (DPOs), this situation highlights critical issues we must address in our organizations.

Data Lifecycle Management

The 23andMe case underscores the importance of robust data lifecycle management policies. DPOs should ensure their organizations have clear protocols for data deletion or anonymization when a company faces financial difficulties or changes ownership.

Consumer Rights and Transparency

This incident emphasizes the need for transparent communication with data subjects about how their data may be used or transferred, especially in unforeseen circumstances. DPOs should review and strengthen privacy policies to clearly outline all potential data uses.

Data Classification and Protection

The sensitivity of genetic data in the 23andMe case reminds us to carefully classify all data types within our organizations. DPOs must ensure that highly sensitive data receives appropriate protection measures and handling protocols.

Third-Party Risk Management

As companies increasingly rely on external partners for data processing, DPOs must rigorously assess and monitor third-party data handling practices. This includes evaluating the financial stability of key data processors.

Regulatory Compliance

The 23andMe situation has prompted calls for stronger data protection legislation. DPOs should stay informed about potential regulatory changes and proactively adapt organizational practices to meet evolving standards.

Crisis Response Planning

DPOs should work with their organizations to develop comprehensive data breach and crisis response plans. These should include steps for quickly notifying affected individuals and relevant authorities in case of unauthorized data access or transfer.

By learning from the 23andMe case, DPOs can strengthen their organizations’ data protection frameworks and better safeguard sensitive information in an increasingly complex digital landscape.

---

Other links on the web

• Proposed State Privacy Law Update
• Data Protection Officers
• 51 Useful Data Protection Resources
• State Data Protection Issues
• Data Protection Officer (DPO) Resource
• Data Security Guide
• Taiwan News on Data Protection
• EDPS Data Protection Officer Reference
• Principles of Privacy by Design
• Krueger Pushes Data Protection Bill
• How to Become a DPO
• How to Start a Blog
• Experts Call for Amendment of Nigeria’s Data Protection Act
• Roles and Responsibilities of a Data Protection Officer
• Top Cyber Security Blogs and Websites
• Data Privacy and Security
• The Future of Data Protection Officers
• Writing Tips for Blogs
• IoT Data Hackathon 2025
• DLA Piper Data Protection Officers