The probe will focus on three key areas, the first of which being the scope of information exposed during the breach and the extent to which such information may be potentially harmful to breach victims.
Crucially, it will also look at whether 23andMe had "adequate safeguards" in place to protect sensitive customer data in the first instance, and whether the company provided "adequate notification" about the breach to both regulators.
Public trust in a service like 23andMe is "essential," the ICO said in its statement, being that the firm is a "custodian of highly sensitive" data such as genetic information.
"Ensuring that personal information is adequately protected against attacks by malicious actors is an important focus for privacy authorities in Canada and around the world," he added.
[
Collection
]
[
|
...
]