Personal data is the new gold. The recent 23andMe data breach is a reminder of a frightening reality – our most intimate, personal information may not be as secure as we think. This is a serious indictment of the gross negligence of companies who are failing to protect our DNA despite profiting from it.

The 23andMe breach gave hackers access to the personal information of 6.9 million users, including family trees, birth years, and geographic locations. This brings up some important questions: Are companies really doing enough to protect our data? Should we trust them with our most intimate information?

Companies are promising to keep our data safe, but there are some quirks. Government overreach is certainly a possibility, as the FBI and every police agency in the world are probably drooling at the idea of ​​having access to such a massive dataset of DNA sequences. This could be a gold mine for every cold case from here to the South Pole.

The argument, “But if you haven’t done anything wrong, you have nothing to worry about!” Only partially applicable here: the problem is one of consent. At one point my father took a DNA test, and found out he had a half brother who was about to turn 80. When they started digging into the history and discovered a whole bunch of potentially problematic family history an incredible family drama was uncovered.

The problem isn’t so much that my dad chose to do this, the problem is that I didn’t consent to being in the database, and that’s where things get tricky. I can imagine a certain Black Mirror-esque future, where a family member is curious about their ancestry, gets tested, and two weeks later, the FBI is knocking on the doors of every person who knows that person. Shares 50% DNA with someone because they want to commit some kind of crime.

The audacity of 23andMe and companies like it is astonishing. They present themselves as guardians of our genetic history, gatekeepers to our ancestral past and potential medical future. But when the chips go down and our data is leaked, they hide behind the old platitude “We weren’t hacked; It was the users old password” excuse.

This argument is akin to a bank saying, “It’s not our fault your money was stolen; You should have put a better lock on your front door.” This is unacceptable and a gross abdication of responsibility.

Companies dealing with such sensitive data should be held to the highest possible standard. We’re not just talking about credit card numbers or email addresses here. It is our DNA, the blueprint of our existence. If anything should be considered “sacred” in the digital realm, surely this should be it?

The fact that the stolen data was advertised as a list of ancestors who have been victims of systemic discrimination in the past adds another troubling layer to this debacle. This exposes the possibility of misuse of such data in the most nefarious ways, including targeted attacks and discrimination.

The DNA testing industry needs to move forward. He has to ensure that security measures are not only adequate, but extraordinary. They should lead in cyber security and set an example for all other industries.

It’s not just about better passwords or two-factor authentication. It’s about a fundamental change in how these companies view the data they are entrusted with. It is about recognizing their profound responsibility not only towards their customers, but towards the society at large.

Am I optimistic? Not even a little bit. I have long argued that after the Equifax breach, the company should have received the corporate equivalent of the death penalty. Instead, he was fined $700 million. I think it’s ridiculous. Allowing a breach of this magnitude to be possible, with no objection to it actually happening? You are not worthy of being a company. I think this is even more true for companies that relate to our DNA.

It’s time for 23andMe and the entire DNA testing industry to understand that they are not just working with data. They are dealing with people’s lives, their history and their future. It’s time they started treating our data with the respect and care it deserves.

Source: techcrunch.com