[noduerme]

I think it's more a question of encrypting data on the backend. The data wasn't stolen by phishing 16 million individual users' passwords. Companies that deal with sensitive genetic data should be subject to the same level of HIPAA compliance as those that deal with medical data, for instance.

[beej71]

Weren't users willingly sharing that data with eachother? Encrypting it wouldn't make sense in that use case.

[noduerme]

I don't actually know. But if a user wanted to share personal data with another user, I'd make a one-time key. I'm relatively certain that they took no precautions against someone with access to their database. In some scenarios for tiny companies that might be okay, if you don't store sensitive data; but not when it might get whole groups of people slaughtered based on their genetic profile.

[beej71]

Might be a hard sell, though. People on Facebook share personal data with their friends in their profiles all the time.

[noduerme]

Ugh. I'm so divorced from social media, I didn't even consider the marketing use case for "share your genetic data with your friends"... I wonder if this hack was just someone scraping an API for that (?!!)

It's gross. On a side note, when I asked my father (an educated man in his 80s with a law degree) why he put our genetic information online without asking us, his response was that he didn't put it online, he mailed it, and it was just his own. I only say this to illustrate that the entire setup here resembled a con game to collect genetic data from unwitting people - which if they represented only 25% of the population would be enough to let you deduce the rest. The abhorrent fact that the was handled so flippantly is just icing on the cake.

[beej71]

In this case, to be fair, it's not "share your genetic data with your friends", exactly.