For decades, DNA testing has been used by select entities such as law enforcement and the military. Now, it is being used by private companies to gather and share personal customer information like a consumer’s ancestry. This tactic, however, is raising many privacy concerns. The testing kits require taking small samples of fluids, which is usually done through a cheek swab or saliva sample. While this action is a simple and easy way for consumers to learn about their heritage, it is also a security risk.
The case of 23andMe
23andMe is one prominent example of the consequences that may come from security testing kits. Recently, the company had to lay off over 100 employees, or nearly 15% of its workforce, because of lost sales. The CEO speculated that the decline was due to privacy issues.
The privacy issue in the DNA testing market draws additional attention to a contentious, ongoing debate between citizens and the US government about data protection and consumer rights. Overall, consumers have been outraged by the fact that their highly vulnerable personal information has been sold to third parties.
In one high-profile incident, 23andMe was heavily criticized for selling its customers’ biological information to the pharmaceutical giant GlaxoSmithKline. The government, however, argues that testing kits have previously played important roles in public safety and crime control. Identity testing, law enforcement officials say, was essential for identifying a serial killer in California who terrorized the state in the 1970s and 1980s.
The process for identity testing
The process for personal testing starts with a sample collection including:
A buccal smear procedure is the collection of saliva from inside one’s cheek. The collected sample is then sent to a laboratory, where a trained technician can verify an individual’s identity. The results can be distributed to the individual or the requesting entity, such as a law enforcement agency.
How DNA information is stored in digital databases
Once information is collected from individuals, it can be stored electronically in a digital database. After the data is uploaded online, it can be distributed in several ways. Some companies share the information gathered about a person to a law enforcement agency. Other companies sell individuals’ information to third-party companies. If this happens, it can be difficult to track (and in turn verify) someone’s personal identity. This can present problems for people who want to work for small, private companies, join the military, or even get insurance.
Concerns over privacy rights
Only recently, testing kits have been used in the public sector rather than just the military, law enforcement, and in other select settings. Experts warn that because testing is just starting to emerge in the private sector, laws are not yet in place regarding consumer rights. For that reason, information collected in testing kits is not as secure and confidential as personal information collected through medical tests. Information collected through medical testing is regulated by HIPAA (Health Insurance Portability and Accountability Act).
How individuals can protect their information
It might sound surprising, but only about 40% of companies have written policies regarding genetic details. Even though there are few legal regulations governing consumer data protection using testing kits, consumers can still take action to ensure their personal information remains protected and not subject to security infringements.
Most personal information is collected by the “Big Three”:
Certain steps are required to remove personal information from these sites. The requirements vary by company. For 23andMe, consumers can choose to delete their information on file through their account settings page. At Ancestry, consumers can sign into their account and choose to delete information stored under the test results summary. Information in MyHeritage can also be controlled through Account Settings.
Secure Forensics cares about your privacy and we have the tools, expertise, and resources required to identify a lack of digital security. Our examiners have the resources necessary to handle data breaches, identity theft, and any other digital security concern that might arise. We work to find evidence of a digital crime and will provide the facts in a court-admissible report. Call Secure Forensics to see how they can help with your data security needs at 1-800-288-1407.