Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

International: ICO and OPC investigate 23andMe data breach

On June 10, 2024, the Information Commissioner's Office (ICO) announced that it had launched a joint investigation with the Office of the Privacy Commissioner of Canada (OPC) into the data breach, which occurred in October 2023, at the global direct-to-consumer genetic testing company 23andMe, Inc.

In particular, the ICO noted that 23andMe is a custodian of highly sensitive personal information, including genetic information which does not change over time and can reveal information about an individual and their family members, including their health, ethnicity, and biological relationships, making public trust in these services essential.

The ICO explained that the joint investigation will examine:

  • the scope of information that was exposed by the breach and potential harms to affected people;
  • whether 23andMe had adequate safeguards to protect the highly sensitive information within its control; and
  • whether the company provided adequate notification about the breach to the two regulators and affected people as required under Canadian and UK data protection laws.

You can read the press release here.