By now you’ve heard – the Golden State Killer’s 40+ year reign of terror is potentially over as the FBI agents used an ancestry website DNA sample to arrest their suspect, James DeAngelo, Jr.
Over the last few years, DNA testing has gone mainstream for novelty reasons. Companies like Ancestry.com and 23andMe have offered easy access to the insights of your genetics, including potential health risks and family heritage, and even reconnect family members, through simple genetic tests.
However, as a famously ageless actor once suggested in a dinosaur movie, don’t focus too much on if you can do this, without asking if you should do this.
When you look closely, you can find several reasons to wonder if sending your DNA to these companies is a wise choice.
These reasons mostly come down to privacy protection, and while most companies do have privacy policies in place, you will find some surprising loopholes in the fine print. For one, most of the big players don’t give you the option to not have your data sold.
These companies, like 23andMe and Ancestry.com, can always sell your data so long as your data is “anonymized,” thanks to the HIPAA Act of 1996. Anonymization involves separating key identifying features about a person from their medical or biological data.
These companies know that loophole well; Ancestry.com, for example, won’t even give customers an opt-out of having their DNA data sold.
Aside from how disconcerting it is that these companies will exploit this loophole for their gain at your expense, it’s also worth noting that standards for anonymizing data don’t work all that well.
In one incident, reportedly, “one MIT scientists was able to ID the people behind five supposedly anonymous genetic samples randomly selected from a public research database. It took him less than a day.”
There’s also the issue of the places where that data goes when it goes out. That report the MIT story comes from noted that 23andMe has sold data to at least 14 outside pharmaceutical firms.
Additionally, Ancestry.com has a formal data-sharing agreement with a biotech firm. That’s not good for you as the consumer, because you may not know how that firm will handle the data.
Some companies give data away to the public databases for free, but as we saw from the earlier example, those can be easy targets if you wanted to reverse engineer the data back to the person.
It would appear the only safe course of action is to have this data destroyed once your results are in. However, according to US federal regulation for laboratory compliance stipulates that US labs hold raw information for a minimum of 10 years before destruction.
Now, consider all that privacy concern in the context of what happens when your DNA data is compromised. For one, this kind of privacy breach is irreversible.
It’s not as simple as resetting all your passwords or freezing your credit.
If hackers don’t get it, the government certainly can; there’s even an instance of authorities successfully obtaining a warrant for DNA evidence from Ancestry.com in a murder trial.
Even if you’re not the criminal type who would worry about such a thing, the precedent is concerning.
Finally, if these companies are already selling data to entities in the biomedical field, how long until medical and life insurance providers get their hands on it?
I’ll be the first to admit that the slippery slope fallacy is strong here, but there are a few troubling patterns of behavior and incorrect assumptions already in play regarding the handling of your DNA evidence.
The best course of action is to take extra precaution.
Read the fine print carefully, especially what’s in between the lines. As less scrupulous companies look to cash in on the trend, be aware of entities who skimp on privacy details; DNA Explained chronicles a lot of questionable experiences with other testing companies.
Above all, really think about what you’re comfortable with before you send in those cheek swabs or tubes of spit. While the commercials make this look fun, it is a serious choice and should be treated like one.
This story was first published, October 2017.