Ancestry, Privacy, and Your DNA: What to Consider Before You Disclose Your Genetic Information

Commercial genetic testing services have exploded in popularity in recent years.

Consumers have been buying and sending DNA test kits to companies for reasons ranging from ancestry profiles, discovering markers for possible medical conditions, and even wine selections paired to mesh with your genetic code rather than your meal.  Excluding identical twins, an individual’s genetic makeup is about as personal and unique as a category of identifying information can get, and yet there isn’t a great deal of law or regulation affecting ownership, use, or protection of genetic information once voluntarily disclosed.  The rights and obligations affecting consumer privacy interests in their DNA data are largely set by the company’s own policies, barring an applicable state law.  Thus, consumers should consider the potential privacy risks and take the time to make an informed decision before sending a dna kit. These concerns can include:

• Family and Estate Issues—Half of your DNA is shared with your parents, half your DNA is usually shared with your siblings, perhaps a quarter with your grandparents, and to some degree with every person in your family tree. A DNA test can reveal uncomfortable paternity information, and marriages have ended due to the results of what is in effect a consumer initiated wide ranging paternity test. Depending on the service and the database used, it may also reveal previously unknown relatives that could create or significantly complicate probate and estate issues for your family.
• Medical Concerns—There are services that are marketed exclusively for finding genetic markers that raise individual health concerns, but any test can collect markers that can show anything from a higher risk of cancer to a higher risk of developing alcoholism or other addictions. That information may be sold individually or in the aggregate to third parties depending on the company’s policies and practices, and there is no common regime of use or disclosure restrictions. Individuals that want to keep that kind of information from being disseminated should scrutinize the fine print for all DNA testing services.
• Law Enforcement Concerns— DNA testing has been a longstanding tool for solving crimes, prosecuting offenders, and exonerating the wrongfully convicted, but the use of DNA databases held by commercial entities for law enforcement is a relatively new development. Like any other entity, law enforcement can legally request records held by private entities for law enforcement investigations by warrant or subpoena.  Companies may also chose to voluntarily share their DNA databases, with or without notifying affected individuals depending on their polices and state law.  This practice garnered headlines earlier this year after the arrest of Joseph DeAngelo, the accused “Golden State Killer,” who was identified when law enforcement compared DNA obtained from crime scenes against the DNA database of GEDMatch, which almost certainly contained DNA profiles of DeAngelo’s relatives.  Users need to be aware of this possibility that law enforcement may access these databases, and once the information is disclosed there may be little practical ability for them to have that information returned or deleted.
• Hacking Concerns—Data breaches happen even when companies use first rate security technology and practices, and not all state based breach notification laws cover genetic information. Consumers need to be aware of the ever present risk their DNA data may be acquired by a hacker and sold, and unlike bank account numbers, social security numbers, or other personal information, you can’t get another DNA profile if it is compromised.

Consumers should be weighing privacy concerns right alongside price and service type when choosing whether to use a DNA testing service, and weigh those concerns for both themselves and for their relatives. Each company’s policies and practices differ, and genetic information is important enough that it is worth reading the fine print and making an informed decision before sharing. Contact our Sioux City, Sioux Falls, or Omaha offices for more information on how your DNA may be used in legal proceedings. For more Cyber Security topics visit our blog here!