Companies, 23andMe included, also have a responsibility to notify consumers of changes and get "consumers' affirmative express consent for any new uses of their data," according to the Federal Trade Commission, the government agency that conducts oversight of direct-to-consumer genetic testing companies. ????? ???????

As a general rule, consumers who have shared their DNA with any direct-to-consumer genetic testing company should pay attention to the company over the years, as companies have the right to change their privacy policies and business practices. ????????????  

Following the breach, the company also said it required every customer to reset their password and began requiring all customers to use two-step verification for login. ?????  

The company agreed in October to pay a $30 million cash settlement in a class-action lawsuit stemming from the data breach, according to The Associated Press. ????? ???????  

Because 23andMe is not a medical company, customers' personal information is not protected under the HIPAA Privacy Rule, which affords privacy protections to health records. ????????????