If you have been listening to the genealogical community recently, or even the national news, you will have probably heard of some issues coming up regarding privacy and your possession of it or lack thereof when submitting your DNA to DNA testing sites. It has been a big topic in the national news ever since DNA on an open source DNA storage website was used to identify a serial killer who began a decade of unsolved killings in California in the 1970’s. The killer himself did not submit DNA, but a cousin of his did, and that was enough for investigators scouring these sites to identify the probable perpetrator.
If you have had your DNA tested by a DNA testing company, or stored the results with a DNA storage company, do you need to be concerned about your privacy? Here is what you need to know.
The first thing you should know is that anyone who has had their DNA tested with any company has signed a consent form regarding how that DNA may be used. Whether you read that consent form is another thing entirely. Most consumers do not read them, as they tend to be lengthy and full of legalese. Who has time for that? You just want your DNA results, not to read several dozen pages worth of legal talk. It’s understandable.
Millions of Americans have taken these tests, and their DNA samples are now stored in labs across the country. Customers who have been interviewed about the privacy issue have all pretty much consistently said they did not give much, if any, thought to what would be done with their DNA after the company they were using tested it.
While each DNA testing company has different legal language in their consent forms, one thing that is common among all of them is a right to sell your DNA data to third parties. However, before you become alarmed at that idea, it should also be noted that all current DNA testing companies also agree to only sell your DNA aggregated with the DNA of other customers, and without your name being attached to it.
The most common third party purchasers of this anonymous DNA information are biomedical and pharmaceutical companies that use it for research. This can actually lead to breakthroughs in health and medicine that are beneficial to everyone, including the customers whose DNA was used to conduct the research.
While this is the typical way DNA is usually used after it has been tested, some privacy lawyers and DNA test kit customers are concerned that their DNA could be sold to insurance companies and private employers, along with their names, and that their DNA could then be used to make insurance issuance and employment decisions regarding them. This has not happened yet, that anyone knows of, yet it remains a concern, as there is nothing in the consent agreements of most DNA testing companies that would prohibit this kind of use.
Yet, at the same time, current federal laws prohibit health insurance companies, at least, from using the genetic data of their potential or current customers to deny issuing insurance to anyone. It should be noted, though, that those laws do not apply to life insurance and long-term care insurance companies.
While some privacy lawyers and advocates say stronger privacy laws are needed to protect DNA test kit customers, others say the risk of your DNA being used against you is small, and virtually nil for any nefarious purposes; in other words, there is far more dangerous to you in having your Social Security number stolen than your DNA information sold (or hacked), because actual damage can be done to you with your Social Security number in the wrong hands. Anyone who has your DNA data is limited in what they can do with it, and besides the insurance concern, which has not become an issue to anyone yet, there is nothing else a hacker could currently do with it.
Other privacy experts point out that DNA is no different than any other personal information you share online. Any information you provide is subject to being exposed. These privacy experts liken sharing your DNA to doing online banking… there is always the danger of it being hacked or sold and used for purposes you do not approve, but the risk is actually very small. We all expose ourselves online in a variety of ways all the time. DNA is just the latest way we do it, and so is part of an ongoing and evolving conversation about overall personal privacy and the security of personal information online.
The reality is that most DNA testing companies, especially the “big two”… 23andme and Ancestry… keep very careful control over any DNA you submit that is stored online. Your DNA is at far greater risk of being stolen and information in it made public or used for some as-yet-unforeseen criminal purpose once it leaves those companies and is sold to third parties.
Right now, your biggest risk, when it comes to having your DNA tested, is revealing previously unknown family secrets, such as a child given away for adoption that no one knew was even born, or finding out a family member had an out-of-wedlock child, a child of an affair, or was adopted and never knew they were.
If you are comfortable taking the risk of revealing family secrets, either to yourself or other people in your family, there is no reason at present to be concerned about your DNA affecting your personal privacy, regardless of who is currently controlling the information.