At-Home DNA Test Kits Raise Security Questions

Despite the answers a bit of saliva can provide, some are critical of the at-home test services, questioning the level of security they provide for your most sensitive information.

• By Jessica Davis
• Dec 05, 2017

Home DNA test kits such as AncestryDNA or 23andMe are some of the most popular gifts this season, allowing you to send a DNA sample off to be analyzed for information on your ethnic background and genetic health conditions. Despite the answers a bit of saliva can provide, some are critical of the at-home test services, questioning the level of security they provide for your most sensitive information.

In November, Senator Chuck Schumer expressed concern about the at-home testing kits, saying many of their terms-of-service agreements weren’t clear on what the company could do with your genetic information.

"There are no prohibitions, and many companies say that they can still sell your information to other companies," Schumer said. He called for the Federal Trade Commission to “take a serious look at this relatively new kind of service and ensure that these companies can have clear, fair privacy policies”.

The privacy policies of these companies do vary, but typically require customer consent to share personally identifiable data. However, they often allow the sale or sharing of DNA information that has been anonymized as well as aggregate DNA information. There are potential benefits to this information sharing, but a lack of clear security safeguards means dangers loom.

"It all leads to good places for a patient if it's used appropriately, but when there's opportunity for misuse or for monetary gain, criminals are very fast on the uptake," said Peter Pitts, president of the Center for Medicine in the Public Interest.

While companies may anonymize DNA, it’s difficult to truly separate genetic information from identity, as DNA is basically the most personal identifying information anyone has. A 2013 study in the journal Science using two public genealogy databases found that researchers could correctly find people’s surnames from their genetic data alone between 12 and 18 percent of the time.

If DNA information and the genetic databases they’re held in aren’t properly secured and protected, the consequences of leaked data could be serious.

“It’s really inevitable that these databases will be breached” by hackers, said Michelle De Mooy, director of the privacy and data project at the Center for Democracy & Technology. “This is just tempting, tempting data for the government, too,” De Mooy said.

The Genetic Information Nondiscrimination Act of 2008 (GINA) aims to prevent insurance companies from denying coverage to healthy people based on predispositions their DNA may reveal and to prevent employers from using genetic information to make hiring, firing or promotion decisions. However, GINA has loopholes, and House Bill 1313, recently introduced in the U.S. House of Representatives, would reverse some of GINA’s workplace protections by allowing workplace wellness programs to restrict rewards to employees who did not provide genetic data.

Pitts said that the popularity and presence of genetic information means that the law needs to start paying attention.

"It simply means thoughtful regulation and thoughtful consumer education," he said.