Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I’m in a weird spot with 23andMe - when I signed up, I used a fake name as a fig leaf in case they decided to sell to insurance or whatever. Since then, several members of my immediate family have all signed up, so “the child of X and the sibling of Y” means that fig leaf is pretty useless now - except I can’t issue an actual CCPA now, because fake name.

All of this is super predictable, but I wasn’t nearly cynical enough 15 years ago when I mailed my spit to them.



If you (and others in the replies) were to go and update and perfect your data, removing all these ambiguities (fake name, dob), you would then be in a position to ask them to delete it. Ie absolutely remove all doubts about who you are to then address your privacy concerns. Perverse, eh?


I wonder how many of your relatives now believe your parents had an additional child that they don't tell anyone about.


Yeah, the first sibling who joined after me texted me immediately when they saw my fake name there :-D

(Although that turned out not to be the biggest family scandal that was turned up by the genetic testing - the cautionary click through on the "relatives" page is no joke...)


I wonder if you can convince them through the customer service portal? People make typos all the time…


Doubt it. I assume they're under HIPAA regulations and it'd be a massive cost if they did it even once.


HIPAA also includes the right to correct incorrect information in your records. 23 may have to get unconventional to verify the individual but they're a DNA lab and have everything they need to make a positive confirmation.


HIPAA doesn't apply to 23&me.


> I assume they're under HIPAA regulations

You would be incorrect. HIPAA does not apply to 23 & Me (or, for that matter, to almost any direct-to-consumer product).


There’s no HIPAA concern if you just want to delete your info, I think.


I don't know enough about HIPAA to know if it would be a violation for them to delete my data upon your request but, assuming it is, that would be a good case for requiring identity verification.


Nope. Same boat. They want ID in the name I signed up with to do anything, and I haven’t been able to access my account since they mass reset passwords after their breaches.


Amusing that they literally have your genetic sequence data, but they won't trust anything other than a government ID with a name that matches their records.


I think it should be easier if the goal is just to get your data deleted. If you want to recover your account, that brings up some HIPAA concerns. But if you are just nuking it, that should be easier, right?


No, security shouldn't be relaxed because you are "just nuking it".


Yes, it should be. It is a “we’re giving away your personally identifiable medical information” issue, if they give you access. It is a normal customer service issue if they are just deleting the account for you.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: