Virginia Foxx Asks Interim 23andMe CEO About Cutting Off CCP Access To Sensitive Genetic Data

Forbes Breaking News

During Tuesday’s House Oversight Committee hearing, Rep. Virginia Foxx (R-NC) questioned Joe Selsavage, Interim Chief Executive Officer and Chief Financial and Accounting Officer of 23andMe, Inc., about CCP access to the company’s data.

Transcript

00:00Dr. Fox from North Carolina.

00:02Thank you, Mr. Chairman, and thank you to our witnesses for being here.

00:06Mr. Selsavage, we all know the Chinese Communist Party, CCP, has a track record of misusing genetic data,

00:14and even the New York Times acknowledged that, quote,

00:17China uses genetic tests to track members of the Uyghurs, end quote,

00:22who are a politically disfavored minority group.

00:25This abuse can surely be perpetrated against any disfavored group whose genetic data is available.

00:34How does 23andMe prevent the genetic data, mainly from Americans,

00:39controlled by the company from being used by the CCP or some other malign actor to track or harm Americans?

00:47Congresswoman, you know, 23andMe puts data security and privacy at the top of the forefront of our company.

00:53You know, all of our data is secured with top security encryption.

00:59You know, we have, you know, security professionals, you know, in place at 23andMe implementing the latest technologies in security,

01:08and we've received, you know, three ISO certifications for the company in terms of security, cybersecurity, and privacy

01:16to make sure that the data of our customers is secure.

01:20In addition, you know, as, you know, after the cybersecurity incident, we made sure that, you know,

01:25basically we've implemented two-factor authentication.

01:28We've ensured that customers have reset their passwords, and we make sure that those passwords are not,

01:34have not been, you know, basically in compromised databases anywhere to make sure that our customer data is safe.

01:40Mr. Sellsavage, besides the 15 million individuals who have their genetic data stored with the company,

01:48family members, by virtue of having a similar genetic makeup to those who took the test,

01:53are also potentially at risk if 23andMe's genetic data is exposed or used for nefarious purposes.

02:01Is that correct?

02:02You know, if a customer at 23andMe chooses to allow their data to be shared, as such as a DNA relatives feature at 23andMe,

02:12you know, people can access, can, relatives could actually, and family members can see that additional data, yes.

02:18Ms. Wojewski, precisely because of concerns about the genetic information control by 23andMe falling into the wrong hands,

02:27that the Pentagon warned its personnel in 2019 not to use consumer DNA kits.

02:33How did 23andMe respond to the Pentagon's warning at that time?

02:39Thank you for that question.

02:41I have to say, in all honesty, we were surprised.

02:45We had not been contacted.

02:47We were surprised.

02:48So we were happy to engage around that discussion as to what are the potential concerns,

02:53but it was a surprise to us, and we did not get forewarning, and we did not, no one engaged afterwards.

03:01So after the warning, did the company change the way it handled or protected consumers' genetic data?

03:09Thank you for that.

03:11There were not substantial changes because, as I mentioned,

03:14privacy and data security had really been top priority since then, since the inception of the company.

03:22So I would say after that notice and reading about that, it definitely became top of mind,

03:29and I think the number one takeaway we had was really there should be an engagement around the understanding

03:34of how we actually are making sure that we're securing data and how we're making sure that customers,

03:41we're always honoring the customer's privacy.

03:44So it was a great opportunity for us to consider engaging.

03:47We always are reviewing our systems.

03:50We're always looking at sort of the update of what else should we be doing with our security protocols,

03:55and so that was the primary takeaway from that.

03:59Do you believe there's anything could have been done to prevent the 2023 breach?

04:04That is a, I appreciate that question.

04:09I'm pretty limited with what I can say specifically around that because of the potential litigation

04:15or the ongoing litigation around there.

04:18The thing that we always said is that you have to be vigilant on a daily basis.

04:23You have to always live in a world of paranoia because you see how many threat actors there are out there,

04:30the number of security incidents that are there.

04:32So the primary takeaway we always thought is like, what's also the product by design?

04:37How are we making sure we're designing the product?

04:39So if and when something happens that we're doing everything we can to protect the privacy of our customers,

04:44the database security design has always been really important for us about making sure that if there ever was a threat actor,

04:51how are we actually making sure that we're doing everything we can to prevent that?

04:55So it was always top of mind for us to think about what those potential risks are.

05:02Thank you, Mr. Chairman.

05:04I yield back.

05:04Gentle lady yields back.

05:05Chair, I recognize Ms. Brown.

Category

Transcript

Recommended