23andMe, a prominent direct-to-consumer genetic testing company, filed for Chapter 11 bankruptcy in March, prompting concerns among lawmakers about the implications for customer data. Company co-founder and CEO Anne Wojcicki has stepped down. She is now seeking a private bid for the embattled company, which further complicates everything.
The House Committee on Energy and Commerce has opened an investigation. We would like to see these communities engage with the implications of this bankruptcy on the future management of customer data. Lawmakers are understandably alarmed that there are no protections under the Health Insurance Portability and Accountability Act (HIPAA). This is especially troubling because HIPAA often does not apply to the activities of 23andMe. Without strong federal protections, consumers are at grave risk. They are left vulnerable if a data breach happens or if the company decides to sell their data.
In the face of these concerns, Republican Representatives Brett Guthrie, Gus Bilirakis, and Gary Palmer made their move. They followed up with a letter to Joe Selsavage, the interim CEO of 23andMe. The correspondence raises critical questions regarding the company’s data management practices and what measures will be taken to protect customer information if a sale occurs.
“Given the lack of HIPAA protections, the patchwork of state laws covering genetic privacy, and the uncertainty surrounding what happens to customer information should a sale of a company or customer data and information transpire, we are concerned that this trove of sensitive information is at risk of being compromised.” – Representatives Brett Guthrie, Gus Bilirakis, and Gary Palmer
The scrutiny surrounding 23andMe intensified after the company agreed to settle a data breach lawsuit for $30 million last year. Furthermore, the settlement seemed an admission of the company’s failure to protect sensitive customer data. Potentially tens of thousands of customers have had trouble getting their data removed from the 23andMe platform. AI’s unpredictability further deepens concerns over whether users will have real control over the information they shared.
Though how customer data will be affected hangs in the balance, as 23andMe steers through its bankruptcy proceedings. Without ongoing investigations, lawmakers would be out of immediate political pressure. In turn, consumers can be left at risk when it comes to their sensitive genetic data.