I'm quite concerned about 23andMe. I deleted my account a year ago, but deep in their privacy statements they say they must retain data due to regulatory obligations. I've exchanged multiple emails with them asking what it means. I'll post their response below. Am I / are we... up a creek with no recourse?

<pre><code> "Thank you for your reply. Your inquiry has recently been
escalated to me for review. Please note that once you
confirm your request to delete your account, we will
delete your data from our systems within 30 days, unless
we are required by law or regulation to maintain limited
data for a given timeframe, as described in our Privacy
Statement.
For example, archival files of information needed to
satisfy state and federal legal requirements are retained,
such as those set by the U.S. Federal Clinical Laboratory
Improvement Amendments of 1988 (CLIA) and College of
American Pathologists accreditation requirements.
Your de-identified Genetic Information and a randomized
identifier are retained on secure servers as required by
law and any biobanked samples are discarded. The Genetic
Information is not accessed, used, or disclosed for any
purpose other than as needed to comply with the
requirements referenced above.
It is important to understand that the retained
information is distinct from the genotyped data available
within your account and is stripped from registration
information. This data has not been processed by our
interpretation software to produce your individual-level
genotyped data (in your account).
If you participated in telehealth services coordinated
through your 23andMe account, your Medical Record will be
retained in accordance with applicable law and is subject
to the Medical Record Privacy Notice.
You can read more about these retention requirements in
the Privacy Statement."</code></pre>
I don't know. I do know that I used their process to delete my data (and account), and they claimed they complied. Whether or not they did, I have no way to know.

I wonder, though, if what they're talking about is that they have to keep the data as long as you have an account with them. The fact that you can't delete your data and keep your account hints that may be the case.