The UK’s data protection authority has issued a substantial penalty against 23andMe, the well-known genetic testing service. This action follows a major data breach that compromised the highly sensitive genetic and personal information of a large number of individuals. The Information Commissioner’s Office (ICO) determined that 23andMe did not adequately protect this exceptionally private data. The breach was deemed profoundly damaging because it exposed information about users’ ancestry, health predispositions, and other deeply personal details. Regulators stressed the unique sensitivity of genetic information and the critical obligation companies have to shield it from unauthorized access. The fine, reportedly £9.6 million, highlights the serious consequences faced by organizations that fail to implement robust security measures. This decision serves as a powerful reminder of the paramount need for ironclad data protection in the handling of sensitive genetic data, emphasizing corporate accountability in safeguarding individual privacy.
Source: https://www.bleepingcomputer.com/news/security/uk-fines-23andme-for-profoundly-damaging-breach-exposing-genetics-data/
