With the holiday season approaching you may soon see ads from companies like 23andMe, Ancestry, and MyHeritage. These companies and others like them will try to convince you that for around $100-$200 you can purchase “a thoughtful gift” that will teach you about your family history and help you better understand your health. You may be encouraged to give more sensitive family information to maximize the health benefits gained through the testing. While this may seem rather harmless, you should know that there is a lot more at stake than these companies let on. Learn all the facts before sending them a tube of your saliva. 

Many people assume that regulations are in place to protect the privacy of their genetic data. In this case, the technology is ahead of the law. Currently, there are no federal regulations that specifically address consumer privacy issues related to direct-to-consumer (DTC) genetic testing companies. This means that DTC companies write their own privacy policies. By clicking “agree” to a vaguely worded privacy policy, consumers often allow DTCs to resell this sensitive data to huge biotech companies. According to FBI supervisory special agent Edward You, the high valuation of DTC genetic testing companies is based on their development of genetic databases, not on the services paid for by consumers.

Why should you care if your genetic profile gets sold? Concerns have been raised about the possible use of genetic data for insurance underwriting, that no significant regulations govern law enforcement’s access to genetic samples, and because one person’s consent can expose the genetic markers of many nonconsenting blood relatives. In 2008, Congress passed the Genetic Information Nondiscrimination Act (GINA) to prohibit the discriminatory use of genetic information by employers and health insurance companies. However, areas such as life, long-term care and disability insurance are not covered by the law.  In July 2020, Consumer Reports detailed some of these concerns, noting that 71 percent of DTC genetic companies use consumers’ genetic data for purposes unrelated to providing results to those consumers.    

There are also basic data security concerns related to genetic testing companies. What if one of these companies is hacked? Who will be held liable for the violation of you and your family’s future generations’ genetic privacy? In 2018, MyHeritage suffered a breach of 92 million customer email addresses and passwords. Luckily their genetic data was not compromised. But even Anne Wojcicki, the CEO and founder of 23andMe, acknowledged in a 60 Minutes interview that “Anyone who tells you that a hack is not possible is lying.” 

Unlike much of your digital data (email addresses, passwords, credit card numbers) that can be replaced if stolen, your genetic data can never be changed.  Because you share your genetic data with your family, it can be used to identify relatives as far away as third cousins. The truth is that the implications for having your genetic data made public are still uncertain as the technology and laws continue to evolve. You should therefore carefully consider your decision before releasing genetic data to anyone. You might also want to have a discussion with family members about issues related to genetic testing.  Do your own research and if you are as concerned as I am, go to the websites of Hawaii senators Brian Schatz and Mazie Hirono and let them know that you care about this issue.