How Private is Your Data Once You've Taken a Home DNA Test?

How Private is Your Data Once You've Taken a Home DNA Test_
article by Nicky Hoseck author
As genetic technology becomes increasingly advanced, so home DNA tests are capable of giving you more and more information about your DNA and what it means in relation to your ethnicity, health, and fitness. Unfortunately, to gain that insider knowledge, you have to share a great deal of sensitive and personal information about yourself and what happens to that data once it's out of your hands could be cause for concern.

Most home DNA testing companies have detailed privacy policies and assure their customers that they do everything in their power to keep their data safe and value user privacy above all else. Unfortunately, this doesn’t always seem to be the case and recent reports are causing consumers to become increasingly concerned about the safety of their personal DNA data.

One news story revealed that 23andMe has entered into a partnership with the international pharmaceutical company, GlaxoSmithKline. In exchange for a $300-million share in the DNA testing company, GlaxoSmithKline will have access to their extensive pool of DNA samples and data. While 23andMe has assured customers this will not impact on their privacy, some doubts have unsurprisingly arisen, especially with regards to third-party access to individual DNA profiles.

Another report focused on FamilyTree DNA, a company that offers both home DNA testing and the opportunity to upload DNA data from other sources in order to gain access to their database and locate possible relatives. FamilyTree DNA does more than just that, however, having opened its database up to the FBI. In an attempt to solve violent crimes such as murder and rape, law enforcement agencies have turned to FamilyTree DNA in an effort to locate relatives of suspected criminals who they then use to try and track down the offender.

While this is great news for law enforcement, some FamilyTree DNA customers aren’t so enamored with the development. A genetic genealogist from California summed it up, saying, “All in all, I feel violated, I feel they have violated my trust as a customer”.

One big privacy issue that this development has uncovered is the fact that, although FamilyTree DNA users may have handed over their DNA profile voluntarily, their relatives haven’t. As an assistant law professor from the University of Baltimore, Natalie Ram, points out, “ We don’t choose our genetic relatives, and I cannot sever my genetic relation to them. There’s nothing voluntary about that”. As a result of that genetic connection, even if you haven’t taken a DNA test personally, your data could still be traced simply by using a relative’s DNA sample.

With all the controversy surrounding how your DNA information is handled by home DNA testing companies, if you’re thinking of taking one of these tests, you need to be very clear about what your rights as a consumer are and how the company you choose will handle your data once it’s been submitted.

Dangers of DNA Data

Let’s face it, most of us are pretty cagey about our personal data, be it our home address or social security number, so why would our attitude to our DNA be any different? A DNA test can reveal all sorts of information about you, from your family history to your health issues and your personality. In the wrong hands, data of this nature could easily be exploited.

So what are the main dangers facing the security of your DNA data?

1. Third Party Poopers

When you purchase a home DNA test, you agree to its terms and conditions which often include the right to share your data with third parties. While you probably gave that permission when you signed the forms, the chances are, you didn’t really read them, or if you did, you didn’t give it much thought.

Most DNA testing companies use contractors to perform certain services so these are the first third parties that have access to your information. The second layer is made up of research partners, including pharmaceutical companies. A third layer consists of law enforcement agencies.

While all these third parties have a valid reason to access your DNA profile, each time it’s shared, it’s made more vulnerable so even if you believe those third parties have your best interests and privacy at heart, it doesn’t necessarily mean those things are being safeguarded sufficiently.

2. Hacked to the Heart

A couple of years ago, millions of MyHeritage.com client’s privacy was compromised after a security breach gave an unauthorized security researcher access to 92 million account details. Fortunately, this didn’t include any DNA data but, nevertheless, has exposed the potential for such information to be leaked or accessed online. After all, once a hacker has your hashed password and email address, it’s just a matter of time before he logs into your account and has access to all your DNA data as well.

3. Looking Legal

The FBI aren’t the only ones eager to use private DNA databases to help them in their law enforcement efforts and, if you’ve taken a home DNA test and handed over your data to a company like FamilyTree DNA, state, federal and military agencies could all subpoena access to that information. While that’s only a threat to those who have committed a crime, it compromises the privacy of all DNA home test consumers.

4. Exposed to the Genes

You would expect that, if legal entities can access your DNA data, they should also be able to protect it but, at present, the legislation covering genetic privacy is inadequate. The Genetic Information Non-discrimination Act simply prevents insurance companies and employers from getting access to DNA information. Beyond this, there is very little in the law to protect your privacy.

5. Changeable Policies

Although you may have trusted the company when you submitted your DNA sample, it doesn’t mean to say you’ll still trust it 10 years’ down the line, nor that it will still be the same company. The cutting-edge world of business, firms are bought and sold and even go bankrupt. If this happens to a DNA testing company, however, what happens to its customers’ DNA data?

Furthermore, a business is entitled to change its privacy policy at any time and, even though most will alert its consumers to such an alteration, it’s up to you as an individual to read through the new policy and familiarize yourself with its implications.

It seems most home DNA test customers are positive about the service they’ve chosen, although often uninformed about the possible risks. Hopefully, this article is doing something to combat that trend.

Decided to Delete – What Next?

Perhaps this insider information has inspired a desire to delete, but is removing your DNA data footprint from every laboratory, database and website that stores it really that simple? Another aspect of home DNA tests that has come under frequent fire has been how difficult it can be to delete your account and related information.

Ironically, although the law does little to protect your personal genetic data, it does make removing it surprisingly difficult. For example, if you try to delete your information from 23andMe’s database, you’re liable to receive an email informing you that the company is obliged to store your “de-identified genotyping results” plus some analysis information in order to comply with the stipulations of the Clinical Laboratory Improvement Amendments of 1988. They don’t just store it for a month or two either but will retain your genetic information for up to 10 years!

Despite this, 23andMe proudly declare “you may delete your 23andMe account and personal data, directly within your Account Settings”, this clearly isn’t entirely true. To be fair, 23andMe does point out its legal obligations but these seem to be at odds with other clauses in the policy. As one reporter alleged, “When you delete your DNA information, you are mainly hiding your information from yourself”.

Is It a Risk Worth Taking?

When it comes down to it, only you can decide whether the information you’ll gain from a home DNA test, be it for ancestry, disease predisposition, or health purposes, outweighs the potential privacy threats. If you decide it does, then you need to be very careful in selecting a trustworthy company that holds both your interests and privacy in high regard.

Despite hitting the headlines with their GlaxoSmithKline partnership, 23andMe remains one of the most respected and reliable home DNA testing companies around. Yes, we’ve pulled apart every aspect of their service and privacy policy and there are some problems there but, nevertheless, if we were going to hand our DNA over to anyone, it would be 23andMe.

Not only does 23andMe make it very clear what its customers are consenting to, but it also does its utmost to keep your DNA sample safe and anonymous. All samples are stored with a randomized ID number so your DNA profile can’t be linked to either your name nor your credit card information.

What Other Risks Could I Be Exposed To?

Of course, security breaches aren’t the only risky aspect of a home DNA test and before you commit, it’s important to consider what you might learn from the experience. The results of DNA analysis can literally change your life!

For example, one consumer who was bewildered by her weight patterns! A few weeks in back in her country of origin, Russia, and she’d have lost pounds but a few days eating salads in Texas could see her gain 10 pounds or more. A DNA health report soon unraveled the mystery, revealing that her body didn’t react well to yeast or anything that would feed yeast. The results inspired her to fruit and starchy vegetables like carrots and potatoes from her diet as a result of which she promptly lost 10 pounds and got rid of the uncomfortable bloating that followed many a meal.

This is one of the positive stories, but sometimes DNA test results reveal some unpleasant surprises, like the person who discovered her dad wasn’t actually her biological father or the wife who found out, through her son’s DNA test, that her husband had fathered a child with another woman. Some companies are all too aware of how disruptive such findings can be and, in 23andMe’s terms of service, the company points out that customers “may discover things about yourself that trouble you and that you may not have the ability to control or change” and that “these outcomes could have social, legal, or economic implications”.

Who Should I Trust with My DNA?

According to an academic article published in the Cornell Journal of Law and Public Policy, no one. The author, James Hazel, looked at the privacy policies of 90 different home DNA testing companies and concluded: “that most policies fall well short of the ideal”. So, we know we can’t expect perfection, but which services offer the next best thing?

1. MyHeritage DNA

Although MyHeritage DNA doesn’t offer either health DNA reports nor feedback on your predisposition to disease or carrier status, its ethnicity reports are some of the best you can get. Better yet, MyHeritage DNA has responded positively to the dangers implied by the security breach last year and have assured customers that the “privacy and the security of your data are our highest priority”.

MyHeritage DNA is also developing a new two-factor authentication process which they hope will eliminate similar threats in the future and create a more secure environment for client data.

We have compiled a more extensive review on MyHeritage so make sure to check out our MyHeritage DNA review.

2. 23andMe

We discussed 23andMe in detail earlier so, just to recap, 23andMe offers both ancestry and health reports, covering everything from ancestry composition and your carrier status for numerous diseases to how your genes explain your weight gain problems. This information is valuable to a lot of people, hence the popularity of home DNA tests and if you want to gain further insight into your genetics, 23andMe offers more reliable service and accurate reporting than most.

If you want some more information about 23andMe DNA features, make sure not to miss out our in-depth 23andMe review.

3. Ancestry.com

Like MyHeritage DNA, Ancestry.com specializes in ancestry and ethnicity reports, but it does more than that, giving customers the opportunity to grow a family tree online and engage with its online community.  Ancestry.com prides itself on the detail contained in its reports, claiming to be able to trace your ancestry back to a single city in some cases. Ancestry.com is also committed to user privacy, applying high standards of security to its data storage.

According to its privacy statement, Ancestry.com will “delete all Genetic Information, including any derivative Genetic Information … from our production, development, analytics, and research systems within 30 days” upon request. It does, however, counter that by pointing out that, if you’ve consented to have your data used for research purposes, Ancestry.com will be unable to remove it from any current or completed projects. At least they’re clear about things, which is more than we can say for some of their rivals.

Additionally, we have explored their features in-depth, so if you are intrigued to make sure to read our Ancestry.com review.

Bottom Line

When it comes to the question of just how private is your data once you’ve taken a home DNA test, it’s evident that the answer depends on the company you’re addressing. It’s evident that the issues of privacy and security still need tackling further, particular in relation to how genetic information is gathered, stored and shared. Nevertheless, recent events, such as the security breach at MyHeritage DNA, do seem to have acted as a wake-up call to the direct-to-consumer DNA industry and companies are reacting positively, with MyHeritage DNA introducing tighter security and a new authentication process.

Not all the problems have yet been solved so, if you want to get access to your a but don’t want it shared with third parties or stored for a decade or more, it’s important to read the small print before signing any documents and especially consent forms. Remember, just because you want a DNA health report done, doesn’t mean you have to consent to your DNA being used for research purposes. At least you then retain a little more control over your sensitive data.

Having said that, DNA databases like those 23andMe and Ancestry.com are developing, are clearly giving scientific and medical researchers and law enforcement agencies access to very useful information, making the question of consent even more tricky.

At the end of the day, the choice is yours, as is the decision about which company to use for a DNA test, just remember to read the small print and make sure you’re fully informed before you submit any sensitive data.