The corporations that deal with DNA should be subject to the death penalty for being hacked. Your personal information is the new gold. The latest data breach at 23andMe serves as a sharp reminder of a disturbing reality: the information that we consider the most private and intimate may not be as safe as we believe it to be. At the same time that they are making money off of our DNA, businesses are failing to preserve it, which is a terrible indictment of the sheer irresponsibility of those businesses.
During the breach at 23andMe, hackers were able to obtain access to the personal information of a staggering 6.9 million customers. This information included family trees, birth years, and geographic regions. It sheds light on several essential questions, including: Are businesses making sufficient efforts to safeguard our information? Would it be OK for us to entrust them with our most private information?
This situation has a few peculiarities, even though businesses have been promised to protect our data. As the Federal Bureau of Investigation (FBI) and every other law enforcement agency around the globe are presumably salivating at gaining access to such a massive data collection of DNA sequences, there is little doubt that the government is overreaching its authority. Every cold case from this point to the South Pole could be a gold mine for this.
The argument that “But if you haven’t done anything wrong, you have nothing to worry about!” is only partially relevant in this situation: In this case, the issue is one of consent. At one point in time, my father underwent a DNA test, and the results revealed that he had a half-brother who was about to reach 80 years old. When they began researching the background, they discovered a massive load of potentially troublesome family history, which resulted in an unbelievable amount of tension among the family.
The issue is not so much that my father decided to do that; instead, the concern is that I disagreed with being included in a database, and here is where things become problematic. I can see a future of Black Mirror in which one member’s family is interested in their lineage and decides to be tested. Two weeks later, the FBI comes knocking on the door of every person who shares fifty percent of their DNA with that individual because they are sought for some crime.
It is incredible to see firms like 23andMe and others like it have such guts. As the gatekeepers of our ancestral pasts and possible medical futures, they present themselves as the custodians of our genetic history. They also claim to be the future of medicine. On the other hand, when the chips are down and our data is exposed, they hide behind the old excuse that “we were not hacked; it was the users’ old passwords.”
A bank might say, “It’s not our fault your money got stolen; you should have had a better lock on your front door.” This line of reasoning is somewhat similar. In addition to being unacceptable, it is a significant surrender of duty.
Businesses should be held to the highest potential level available when dealing with such sensitive information. The numbers on credit cards and email addresses are not the only things being discussed here. Our DNA, the exact blueprint of our life, is contained within this. Indeed, if there is anything that ought to be regarded as “sacred” in digital technology, it ought to be this.
The fact that the stolen data was presented as a list of persons with ancestries that have, in the past, been victims of institutional discrimination is an additional worrisome layer that has been added to this mess. It brings to light the fact that such data has the potential to be abused in the most sinister ways, including discrimination and targeted assaults.
There is a need for the DNA testing business to take action. In addition to ensuring that the security measures are appropriate, it must also guarantee that they are outstanding. They must take the initiative in cybersecurity, serving as a model for all other segments of the economy to emulate.
Two-factor authentication and improved passwords are not the only things at play here. This pertains to a significant change in how these businesses see the information they have been entrusted with. The issue is that they must acknowledge their significant duty not just to their clients but to society as a whole.
Am I optimistic? In no way, shape, or form. As a result of the breach at Equifax, I have long argued that the firm ought to have been given the corporate equivalent of the death penalty. Instead, a fine of 700 million dollars was imposed on it. In my opinion, that is funny. Is it possible to even consider the possibility of a breach of such a scale, much alone to allow it to occur? There is no need for you to continue operating as a business. This is something that I believe is even more true for businesses that deal with our DNA.
It is time for 23andMe and the DNA testing business to realize that they are not just dealing with data. They are concerned with the lives of people, their history, and the destinies of various individuals. Our data should be treated with the respect and care it deserves, and it is time they begin doing so.