‘Safety And Security Of That Data Hangs In The Balance’: Shontel Brown Warns Of 23andMe Sale Risks

Forbes Breaking News

During Tuesday’s House Oversight Committee hearing, Rep. Shontel Brown (D-OH) spoke about the bankruptcy sale of 23andMe, Inc.

Transcript

00:00Brown from Ohio. Thank you, Mr. Chairman. Today's hearing gives us an opportunity to explore

00:05bipartisan solutions to protect Americans' personal identifiable information. When services

00:11like 23andMe first launched, they were seen as groundbreaking, giving people unprecedented

00:15access to information about their ancestry, health, and genetics. For the first time,

00:21you could uncover long-lost family connections or gain insights into potential health risks,

00:26all from the comfort of your home. But what many of 23andMe's nearly 25 million customers didn't

00:33realize was that unless they actively opted out, they were also consenting to share their personal

00:38DNA data with third parties. Unlike a password, you can't change your DNA, and it can't truly be

00:45anonymized. What's more, one person's genetic data can reveal information about their entire family.

00:52Now, with that company's future uncertain, the safety and security of that data hangs in the

00:58balance. Americans deserve real oversight and tough privacy protections to keep their most sensitive

01:04data safe. Mr. Celsovich, when you became the CEO, just as 23andMe experienced a massive breach that

01:15exposed the sensitive genetic data of 7 million users, what concrete steps have you taken since

01:22to prevent this from happening again? And what can you tell your customers today, right now,

01:27that you couldn't say a year ago to reassure them their most personal data is safe?

01:34Congresswoman, you know, I will just want to reiterate that 23andMe always has put

01:40our consumers' security and data security and privacy at the forefront of the company.

01:47You know, since the data incident, we have implemented additional security measures.

01:52We, you know, forced every customer to actually reset their password to make sure that their accounts

01:57are safer. We implemented two-factor authentication, whereby a customer either gets an SMS or an email

02:06sort of code to actually enter in addition to their password to make sure their data is secure.

02:12And then we also ensure that any sensitive data, like the personal genomic data that the customer

02:17has, if they requested that data, that there was additional verification of the customer requesting

02:24it, such as their date of birth and other credentials, and then also put a time limit so that they couldn't

02:30access that data immediately. But rather, I'll put a time delay of 48 hours on that data.

02:37In addition, you know, we've hired a new chief information security officer at the company

02:42and put in additional security controls. Through the bankruptcy process, we're making sure that,

02:49you know, essentially through the process that our customer's data is safe, because we're requiring

02:55any bidder for the company to continue with the privacy policies and consents that are in place here

03:00at 23andMe. Thank you. We are having this conversation at a time when foreign adversaries

03:05like China and Russia are working overtime to exploit Americans' personal data. We know that

03:10China has targeted Americans' genetic data to train their AI technologies to develop advanced medicine

03:16and even for military research. And we are facing this threat with fewer resources. The Trump

03:21administration has made massive cuts to funding and staffing at our nation's top cyber security agencies.

03:28We need both strong cyber security protections and federal privacy laws to protect Americans' data.

03:33So Ms. Hu, as you know, there is no federal framework for how private companies handle consumer

03:40biological data. What steps should Congress take to ensure that private industries isn't putting

03:46Americans' private health and genetic data at risk, especially in the hands of our foreign adversaries?

03:51Ms. Thank you so much, Congresswoman, for that question. I do believe that we need

03:55an overlapping regime that takes into account both strong federal data privacy protections that

04:01now need to update laws such as HIPAA that do not cover these types of new biotech services and

04:08wearables and other types of apps. New health data is being generated that is not covered under existing

04:15health data protection laws. And we are increasingly faced with cyber security laws and data privacy laws at the

04:21state level that are now stepping in to fill the gap that is being left by Congress. But especially

04:26with AI warfare on the horizon, it's absolutely critical. And I agree with you, this is a bipartisan issue.

04:32Thank you so much. I'll close with this. Americans deserve to know their sensitive private data is safe

04:38and secure. I look forward to working with my colleagues on both sides of the aisle as we continue

04:43these important conversations. And with that, Mr. Chairman, I yield back. Thank you very much.

Category

Transcript

Be the first to comment

Recommended