DNA companies should receive the death penalty for getting hacked

Personal data is the new gold. The recent 23andMe data breach is a stark reminder of a
You aren’t hacked if your users have the same password on another platform that gets hacked.
agree. at the same time i wonder whether the usual authentication system is adequate given a) the sensitive nature of the data and b) the data’s implications for people who have not signed up, e.g., if my cousin signs up and provides data, the data he provides is not really his but, in a way, also mine. so, i wonder how much data processing is really covered by my cousin’s consent, given that it is not really his data alone, and whether, given these circumstances, special provisions should have been provided by the processor.
(personally i tend to believe that companies like 23&me should not exist in the first place, given that their operation requires processing of sensitive data from people who have not consented to the use of their data, i.e. processing of relational data should require consent of all related partners.)