23 and Me has received some critiques and skeptics are convinced it is simply a ploy for the government to have access to your DNA which is why 23 and Me takes privacy very seriously, in that your personal and registration information is stored separately from any genetic information which reduces the likelihood you could be identified. Your personal information is also given a random ID number and your genetic information is only identified using a barcode system. The site also ensures if you participate in surveys your responses remains unknown because a user’s genetic information is stripped of personally identifying information and transferred into the firm’s research environment where it is stored with the user’s survey response data and is assigned a randomized research identification number.
Much like privacy, 23 and Me has put in place security measures to keep user information safe. The firm employs software, hardware and physical security measures to protect the computers where customer data is stored. There are 9 sections of security the firm focuses on when handling sensitive information, however for the subject of this case we will focus on the blank related to technology systems put in place. The first is design security meaning 23andMe produces secure applications by design, by following principles such as Confidentiality, Integrity and Availability they also incorporate explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment. As well as auditing security controls on a regular basis by a third party auditor. The second security measure is access controls all access is limited to authorized personnel, based on job function and roles. 23andMe access controls include multi-factor authentication, single sign-on, and follow a strict least-privileged authorization policy by default. 23andMe also uses industry standard, advanced protocols for authorization to supported internal platforms and Third-Party Apps. Furthermore, access to genetic and account information is enforced through different policies and encryption keys. That means your genetic information requires additional privileges to access. The third is Encryption, industry standard security measures are in place to encrypt sensitive personal data at rest. 23andMe also uses HTTPS by default to encrypt all data in transit. The fourth security measure is through monitoring and logging which uses intrusion detection as well as prevention measures to stop any potential attacks against its networks, this provides real-time monitoring, correlation and analysis of logs and alerts across virtually any system implemented. The two final types of security are vulnerability and incident management, to achieve this the firm is constantly scanning and running tests by a third party to resolve any kinks within the application or report incidents.
One way 23 and Me is able to gather data is through surveys, the firm supplements operational data with additional input surveys to assist the scientists and third party researchers working for 23 and Me. These surveys allows researchers, or approved third-party researchers, to use a customer’s de-identified information for a variety of studies.
Final project 