financial struggles genetic testing and ancestry company 23andI Raises questions about customers’ safety DNA and other data.

company announced On Monday, it announced it would lay off nearly 40% of its workforce (about 200 employees) and shut down its drug development arm in a bid to cut costs.

On Tuesday, 23andMe launched latest earnings report showing revenue down 12% in the last quarter and share prices falling.

The company has faced additional challenges in the past few months. resignations Seven independent board members were elected in September.

Since its founding in 2006, 23andMe has sold more than 12 million of its DNA kits, which use a saliva sample to extract DNA that is then analyzed. accordingly company website.

Here are four questions answered about 23andMe and users’ data.

1. What did 23andMe say about customers’ genetic data among its challenges?

A.

A 23andMe spokesperson told ABC News on Wednesday that the company had no further comment when asked how the company’s business turmoil might affect customers’ personal data.

company states on it website that it will not sell or share customer personal information to third parties without the customer’s consent, that it will not voluntarily share data with law enforcement, and that it provides a choice for customers who wish to participate in research.

2. Is genetic data collected by 23andMe protected in the same way as health records?

N

O. 23andMe is considered a direct-to-consumer genetic testing company, and transactions with the company are considered business, not medical.

Because 23andMe is not a medical company, customers’ personal information HIPAA Privacy RuleProvides privacy protection for health records.

3. Has 23andMe had a data breach before?

I

n 2023, company experienced A major security breach that exposed the data of approximately 7 million users.

23andMe said at the time that customer profile information shared through the company’s DNA Relatives feature was accessed without permission.

In October, the company agreed to pay $30 million in cash in a class-action lawsuit stemming from the data breach. accordingly Associated Press.

Following the breach, the company in question required every customer to reset their password and began requiring all customers to use two-step verification for login.

4. Is there anything consumers can do?

A.

As a general rule, consumers who share their DNA with any direct-to-consumer genetic testing company should be wary of the company over the years, as companies have the right to change their privacy policies and business practices.

Companies, including 23andMe, also have a responsibility to notify consumers of changes and obtain “consumers’ affirmative explicit consent to new uses of their data.” accordingly Federal Trade Commission, the government agency that administers surveillance direct-to-consumer genetic testing companies