Canada: Announced OPC and ICO joint investigation into 23andMe's compliance with cybersecurity regulations

On 10 June 2024, the Office of the Privacy Commissioner of Canada (OPC) announced that they had launched a joint investigation with the United Kingdom Information Commissioner's Office (ICO) into the data breach that was discovered in October 2023 at the global direct-to-consumer genetic testing company 23andMe. In particular, the breach exposed sensitive personal and genetic information, prompting concerns over the security measures at 23andMe. The investigation aims to determine the extent of the information leak, assess the adequacy of the company's data safeguards, and verify compliance with notification requirements under both Canadian and UK data protection laws.