This Thanksgiving, as families gather around the dinner table and discuss heritage and history, genetic testing is sure to be on the menu. Genetic testing companies are offering Black Friday and Cyber Monday discounts on kits to help you discover your genealogy and are sure to report record sales.
It is no surprise that as families come together this week, heritage, health, and the other fascinating information that can be drawn from DNA will be the talk of the table. From conversations about new family connections and serious health conditions to what types of wines best fit your genetic taste profile, DNA insights are becoming an important part of family discussions. And as with any family discussion, navigating serious or sensitive topics takes thoughtfulness and diplomacy; choosing a genetic testing provider also calls for careful consideration.
While today it is easier than ever to learn about family history, individuals should also be aware that genetic data is one of the most sensitive categories of personal information and warrants a high standard of privacy protection. Genetic data may be used to identify risk of future medical conditions, contain unexpected information that may be unsettling, and reveal information about the test taker’s family members. Because genetic information is so sensitive, you’ll want to know how a company will protect and use genetic data before buying Grandpa a kit on Black Friday.
One key way to assess a company’s genetic privacy practices is to look to the principles highlighted in the Future of Privacy Forum’s Privacy Best Practices for Consumer Genetic Testing Services, a set of standards for the collection, use, and sharing of genetic data. Companies that currently support the Best Practices include: Ancestry, 23andMe, Helix, MyHeritage, Habit, African Ancestry, FamilyTreeDNA, and Living DNA.
- Does the Company Ask for Your Consent Before Sharing Your Individual-Level Genetic Data with Third Parties? People choose to share their genetic data with third parties for a range of purposes (e.g., participate in scientific research or connect with potential relatives). However, genetic testing companies should never share your individual-level genetic data with third parties without your knowledge, particularly with insurers, employers, and educational institutions.
- Does the Company Provide You the Ability to Delete Your Genetic Data and Destroy Your Biological Sample If You Choose? Companies may have default policies to destroy all samples once testing is completed, retain data or samples for only a finite period of time, or retain data and samples indefinitely or until you close your account. Companies should be clear about their retention practices and offer prominent ways to delete your genetic data and destroy your biological sample.
- Does the Company Require Valid Legal Process before Disclosing Your Genetic Data to the Government? As we have seen in recent cases like the Golden State Killer, genetic data can be a powerful investigative tool for government. However, government access to your genetic data should not be as easy as pumpkin pie, as it presents substantial privacy risks. Companies should require that government entities obtain valid legal process before they disclose genetic data.
- Does the Company Notify You of Material Changes to Its Privacy Statement and Ask You to Agree to the Changes? Companies may modify their privacy statements occasionally, and sometimes they significantly change how genetic data is collected, used, and stored. Companies may also be bought, sold, or go out of business. But before changes are implemented, you should be notified and given an opportunity to review the changes and choose whether or not you want to continue using the services.
- Does the Company Have Strong Data Security Practices? As more than 12 million individuals have had their DNA tested, the potential for hacking and data breaches has become an increasing concern. Given the uniqueness of genetic data, companies should maintain a comprehensive security program through practices such as: secure storage of biological samples and genetic data, encryption, data-use agreements, contractual obligations, and accountability measures.
As we gather this week to give thanks for our families and heritage, let us also take a moment to consider the ways that genetic data can bring us closer together … and why it is important to protect it.