• |

    Apr. 16, 2025

Sale of 23andMe’s Genetic Data: Implications of the Motions for a Privacy Ombudsman and State Laws

A court fight broke out last week over 23andMe’s bankruptcy sale of genetic and other personal data collected from over 15 million people. The Texas AG and U.S. Trustee moved the court to appoint a neutral privacy ombudsman before the company can sell data. The AG cited the company’s admission that it was behind in completing consumers’ data deletion requests and the risk that the data sale would violate three Texas laws. This first article in a two-part series delving into the privacy aspects of the operatic 23andMe bankruptcy proceeding discusses the company’s data assets and policies, the motions on the appointment of a consumer privacy ombudsman and their implications for the case, and how state privacy laws now may play an outsized and disruptive role in data-centric bankruptcies. Part two will cover expansion of privacy’s borders beyond individuals’ data rights to those of others who can be profiled from the data, and will offer steps that companies can consider to address the growing risk of enforcement around sensitive data inferences. See “Examining DOJ’s Final Rules on Access to Government and Sensitive U.S. Personal Data” (Jan. 29, 2025).

Checklist for AI Procurement

AI can add power and speed to companies’ daily operations, but plenty of AI has developed without full attention to its risks. This checklist, derived from our in-depth coverage on the topic, offers practical and sometimes overlooked steps to manage the process for obtaining AI. See our two-part series on how to manage AI procurement: “Leadership and Preparation” (Sep. 18, 2024), and “Five Steps” (Oct. 2, 2024).

Rethinking Click-Through Training: Maximize Effectiveness With Customization

Off-the-shelf click-through training is attractive for many companies because it is cost effective and easy to deploy. Although customized content can be pricier, it also can lead to better learning outcomes and behavior changes. This second article in a three-part series discusses making click-through training more effective through design and customization and then measuring the results. The first article focused on the development of click-through training and some of its benefits and drawbacks. The final article will address integrating click-through training into a broader training program and explore how to choose the right vendor. See “Go Phish: Employee Training Key to Fighting Social Engineering Attacks” (Aug. 9, 2023).

Data, Privacy and Security Partner Joins King & Spalding in Brussels

King & Spalding has welcomed Charles-Albert Helleputte to its data, privacy and security team and its government matters and regulation practice group as a partner in Brussels. He joins from Squire Patton Boggs. For commentary from Helleputte, see “Implications of EDPB Meta Ruling on Behavioral Advertising Practices” (Nov. 29, 2023). For insights from King & Spalding, see “Navigating the SEC’s Newly Adopted Cybersecurity Disclosure and Controls Regime” (Sep. 6, 2023); and “Electronic Communications, Cooperation Standards and Other Emerging Trends in the SEC’s Oversight of Private Funds” (Jan. 18, 2023).

Most-Read Articles

Women to Watch: Contributions, Achievements and Observations of Outstanding Female Professionals

To mark International Women’s Day, women editors and reporters at ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Law Report Group editors Jill Abitbol, Robin L. Barton and Megan Zwiebel profile notable women in data privacy, cybersecurity, private funds and anti-corruption law, including Anne-Gabrielle Haie, Jessica Lee, Micaela McMurrough, Laura Perkins, Amanda Raad, Madelyn Calabrese, Ranah Esmaili and Genna Garver. Enjoy reading their inspiring remarks here.

Celebrating Data Privacy Day 2025

Read the full brief here.

Cybersecurity Awareness Month

Read the full brief here.