You may have seen the story reported by the BBC: 23andMe, the well-known genetic testing company, has filed for bankruptcy protection – leaving millions of users scrambling to delete their most sensitive data. But as many have found, erasing your digital DNA isn’t always straightforward.

This article explores the current situation at 23andMe, outlines the steps you can take to protect your personal information, and offers expert advice from AJC on how individuals and organisations can navigate data protection risks more confidently.

A Surge of Concern – and Traffic

On Sunday 10 March, 23andMe filed for Chapter 11 bankruptcy in the U.S., triggering widespread concern over what would happen to the personal and genetic data of its 15+ million users. Within hours, customers flooded the site in a bid to delete their data – overloading systems and leaving many unable to log in or verify their accounts.

As the BBC reported, users encountered timeouts, expired authentication codes, and unresponsive support chats. One customer, Pauline Long, said: “This has been a nightmare and I am now going to be more cautious about doing anything online.” Another, Danielle Landriscina, questioned whether a future buyer could access her data: “What’s stopping a health insurance company from buying my data and using it to determine if I get cover?”

The company said it had resolved the technical issues, but questions remain. Even users who successfully deleted their accounts voiced doubts about whether their data had truly been erased.

What’s at Risk?

23andMe’s privacy policy currently states it “will not voluntarily share your Personal Information” with insurers. However, the fine print also acknowledges that in the case of bankruptcy or sale, personal data may be sold, accessed or transferred to the acquiring party.

Legal experts interviewed by the BBC highlighted that although buyers must comply with existing privacy laws, 23andMe also reserves the right to change its privacy policy over time – meaning protections could shift under new ownership.

This situation comes after a major data breach at 23andMe in 2023, in which millions of accounts were compromised. The company settled that incident for $30 million. For many users, it’s a worrying pattern.

Steps to Delete Your 23andMe Data

If you’re a 23andMe user and wish to delete your data, follow these steps:

  • Log in to your account at 23andMe.com.
  • Go to Settings and find the “23andMe Data” section.
  • Click “View” and then “Permanently Delete Data.”
  • Download your data (optional) if you want a copy before deletion.
  • Confirm your request as prompted.

Also consider:

  • Revoking consent for research participation.
  • Requesting sample destruction if your biological material is still stored.

Know Your Rights

Attorneys General in California, Arizona, South Carolina, and New York have urged consumers to delete their data, reminding them of their legal rights to do so. As California AG Rob Bonta put it: “It’s exactly a moment like this when a reminder of your rights is appropriate, so you can determine how to act.”

UK users are covered by GDPR, which gives individuals the right to request deletion of personal data held by companies, even those based outside the UK. If 23andMe fails to honour those requests, complaints can be raised with the Information Commissioner’s Office (ICO).

How AJC Can Help You Take Control of Data Risk

At AJC, we work with organisations and individuals to help them protect sensitive data – whether that’s customer records, financial information, or, in cases like this, deeply personal genetic data.

We support clients with:

  • Third-party risk assessments, helping organisations evaluate and manage the security practices of data processors.
  • Data deletion and disposal protocols, ensuring data is handled securely from collection to destruction.
  • Compliance with GDPR and other global privacy laws.
  • Crisis response planning, including what to do in the event of a breach or corporate collapse.

AJC offers expert advice on exercising your data rights, understanding privacy policies, and managing risk when your data has already been shared.

Conclusion

The 23andMe case is a powerful reminder of just how critical personal data protection has become – not just for compliance, but for building trust, accountability, and long-term resilience. If you’re concerned about your digital DNA, now is the time to act.

Delete what you can. Withdraw your consent. Ask questions. And if you need support, speak to experts who understand how to protect your information in an unpredictable world.

Contact us on 020 7101 4861 or email us at info@ajollyconsulting.co.uk if you think we can help.

Sources

BBC News – Customers race to delete data after 23andMe files for bankruptcy
MarketWatch – 23andMe data concerns in bankruptcy
6ABC – Data deletion issues at 23andMe
California Attorney General – Consumer alert
23andMe Customer Care – Account deletion guide

Image accreditation: Wikicommons Media. Last accessed on 4th April 2025. Available at: https://commons.wikimedia.org/wiki/File:Zeppelin_NT_(July_2009)_(3697284912)_(2).jpg
