"The crux of the argument from 23andMe is an interpretation of the California Privacy Rights Act (CPRA) which requires businesses to implement procedures for collecting sensitive data."
"23andMe therefore claims in an open letter that it is not responsible for any security breach, and rather contends that users who 'negligently recycled and failed to update their passwords,' after past security incidents bear responsibility."
[
add
]
[
|
|
...
]