Tuesday, November 19, 2024
I’ve been thinking about your DNA again – and mine too. You may recall news this past spring about a significant data breach at 23andMe, the genetic testing company known for connecting users with their ancestry and health insights. That breach, affecting over seven million individuals, raised significant questions about how such deeply personal data is stored and protected. Now, the company’s struggles, and by extension the next set of concerns for their customers, have taken another sharp turn.
This week, 23andMe announced a major shift in strategy. Facing financial headwinds, they are laying off 40% of their workforce and shutting down their therapeutics division. This decision marks the end of their foray into drug development, which was expected to fill their long-term revenue model. The company plans to exit ongoing clinical trials and is reportedly exploring what to do with its drug development assets (read: selling off those assets).
These moves come amid a broader financial crisis for the company. Once valued at billions, 23andMe has been unable to achieve a sustainable business model since going public in 2021. While many customers purchased kits for ancestry or health insights, the one-time nature of those sales posed a challenge for ongoing profitability. This, combined with falling revenues and mounting losses – $667 million in the last fiscal year – has forced the company to take drastic action to cut costs and refocus.
CEO Anne Wojcicki has suggested that taking the company private might provide the flexibility needed to turn things around. However, even this plan faces hurdles, including disagreements with former board members who resigned en masse earlier this year.
For customers, these developments lead to a pressing concern: what happens to the genetic data 23andMe holds if the company can’t restructure successfully? Soon it may find itself with only one remaining asset to liquidate, their customers’ DNA information. The possibility of such personal information being sold raises profound ethical questions. Who would buy it? How would it be used? And what rights do individuals have once their data becomes an asset in corporate negotiations?
Data help by 23andMe is not protected under HIPPA; the company is a genetic testing company, not a medical company.
It’s not just personal data we need to consider; this story is another wake-up call for our businesses as well. Think about the data your company entrusts to third-party vendors: financial records, non-public customer information, and over time a detailed transaction map of every deal you’ve handled (including meta data). Do you know who owns or has access to that data? And more importantly, have you evaluated the risks of what might happen if those vendors face a financial crisis or acquisition? Just as our personal DNA can become a dangerous commodity in the wrong hands, so too can the sensitive information that underpins our professional operations. Your company’s DNA, the data you collect and hold, should be viewed as sensitive as your own personal DNA.
The story of 23andMe serves as a stark reminder: the data you voluntarily share today could have the most serious implications tomorrow. In a world increasingly powered by artificial intelligence, large data sets are becoming more valuable (and potentially more vulnerable) than ever before.
So, I’ll leave you with this: if the information that makes you “you” were up for grabs, who would want it, and for what purpose? What about the information that makes up your company’s DNA?
The data you share with a provider, partner or vendor is as critical to your company’s future as your personal fingerprints, iris data or DNA are to yours. It’s important to understand the terms you transact under and to have contract provisions that protect you in case business agreements do not go as originally planned.
Until Next Time,
Mary Schuster
Chief Knowledge Officer
October Research, LLC