The financial struggles of genetic testing and ancestry company 23 and me raises questions about customer security DNA and other data.

The company announced Monday that it will lay off about 40 percent of its workforce — about 200 employees — and close its drug development arm in a bid to cut costs.

Tuesday the 23rd and me ISSUED its latest earnings report, showing revenue fell 12% in the latest quarter and share prices fell.

The company has faced additional struggles over the past several months, including RESIGNATION in September of the seven independent directors of the board of directors.

Since its founding in 2006, 23andMe has sold more than 12 million DNA kits, which use a saliva sample to extract DNA that is then analyzed, conformable company website.

Here are four questions answered about 23andMe and user data.

1. What did 23andMe say about customers’ genetic data amid its fight?

A

A 23andMe spokesperson told ABC News that the company had no further comment when asked Wednesday how the company’s business turmoil may affect customers’ personal data.

The company Member on her website that it does not sell or share customers’ personal information with third parties without the customer’s consent, that it does not voluntarily share data with law enforcement authorities, and that it provides an opt-in option for customers who wish to participate in research.

2. Is the genetic data collected by 23andMe protected in the same way as health records?

N

o. 23andMe is considered a direct-to-consumer genetic testing company, and transactions with the company are considered commercial, not medical.

Because 23andMe is not a medical company, customers’ personal information is not protected by HIPAA Privacy Rulewhich provides protection of the confidentiality of health records.

3. Has 23andMe had any other data breaches?

I

n 2023, the company experienced a massive security breach that exposed the data of nearly 7 million users.

23andMe said at the time that customer profile information shared through the company’s DNA feature was accessed without authorization.

The company agreed in October to pay a $30 million cash settlement in a class-action lawsuit stemming from the data breach. conformable The Associated Press.

Following the breach, the company also said required every customer to reset their password and began requiring all customers to use two-step verification for login.

4. Is there anything consumers can do?

A

as a general rule, consumers who have shared their DNA with any direct-to-consumer genetic testing company should pay attention to the company over the years, as companies have the right to change their privacy policies and business practices .

Companies, including 23andMe, also have a responsibility to notify consumers of changes and to obtain consumers’ “express affirmative consent to any new use of their data.” conformable The Federal Trade Commission, the governing government agency SURVEILLANCE direct-to-consumer genetic testing companies.