Topics: Data Privacy,
Data Security,
Healthcare
Anne Wojcicki’s TTAM Research Institute Secures Purchase of Bankrupt Genomics Testing Company
Anne Wojcicki, the co-founder and former CEO of 23andMe, has led her new company, TTAM Research Institute, to victory in an auction to acquire the bankrupt genomics testing firm. In a bid that amounted to $305 million, TTAM has pledged to enhance the privacy and security measures for 23andMe’s users, addressing concerns surrounding the sensitive personal data that will now be managed by the new entity.
Previously, the highest bid for 23andMe was $256 million from Regeneron Pharmaceuticals, prompting a reopening of the bidding process by the bankruptcy court. Ultimately, TTAM was selected as the winning bidder, with Regeneron designated as a backup. This development comes amidst growing scrutiny regarding 23andMe’s data practices, particularly following a significant data breach that impacted nearly 7 million individuals.
As part of the transaction, 23andMe confirmed it had agreed to transfer nearly all its assets, including the Personal Genome Service and Telehealth business Lemonaid Health, to TTAM. The transition must navigate various legal and regulatory hurdles, and a court hearing is set to address the approval of this sale. Privacy advocates remain watchful, particularly regarding TTAM’s commitments to uphold robust data protection practices.
During a recent Congressional inquiry, lawmakers questioned Wojcicki and 23andMe’s interim CEO Joseph Selsavage about their data privacy protocols and the implications for customers’ genomic data post-sale. Notably, a group of 28 state attorneys general has also initiated legal action to prevent the sale unless explicit consent for customer data transfers is established, emphasizing the need for consumer rights in such significant corporate changes.
In conjunction with this, a consumer privacy ombudsman has recommended that the company secure individual consent from customers prior to the sale of their data, or alternatively, prior to any usage of that data post-sale. TTAM’s bid includes provisions to honor existing privacy commitments and implement additional safeguards to protect personal information.
As part of its operational framework, TTAM has pledged compliance with current privacy policies, ensuring that all data handling aligns with customer agreements. These commitments also include measures to enhance privacy controls, such as establishing a consumer advisory board and providing two years of free identity theft monitoring for affected customers.
TTAM’s agreement signifies a critical shift in the management of sensitive genomic data, with potential implications for cybersecurity strategy. Observers note that the involvement of 23andMe’s founding team could instill confidence in preserving data security; however, experts caution consumers to remain vigilant. The situation underscores the pervasive risks surrounding data management in the tech landscape, where attacks could employ tactics identified by the MITRE ATT&CK framework, including initial access strategies and privilege escalation methods used in data breaches.
While TTAM’s commitment appears robust, it is vital for 23andMe customers to assess their comfort with the evolving policies and practices as the transition unfolds. Presently, the alert to consumers about impending data sales, set at two business days, may not suffice. Observers recommend extended notice periods to ensure informed consent and maintain trust in the management of Personal Identifiable Information (PII). The forthcoming court hearing will be pivotal in determining the fate of customer data and subsequent privacy protections.
