Topline
A first-of-its-kind complaint from the Federal Trade Commission has charged San Francisco genetic testing company 1Health.io for allegedly failing to protect the privacy of its clients—something more than half of Americans say is a concern when it comes to DNA health and ancestry kits.
Key Facts
On Friday, the FTC announced it has charged the DNA testing company for allegedly lying to customers about deleting their data, changing their privacy policy without telling clients and leaving sensitive genetic and health data unsecured in the first formal privacy complaint levied against such a company.
According to the FTC, 1Health.io, formerly known as Vitagene, promises a “rock-solid” standard of cybersecurity when it comes to its DNA test kits, but it instead stored consumers’ sensitive data in publicly accessible “buckets” on Amazon Web Service’s cloud storage service.
There is no claim that the data was accessed by any third-party, but the FTC says nearly 2,400 health reports about consumers and raw genetic data of at least 227 consumers–sometimes accompanied by a first name–were at risk.
The company also did not have a policy to destroy DNA samples with the lab that processes them despite promising customers they could delete their personal information at any time and that samples would be destroyed shortly after they were analyzed.
The FTC says Vitagene was warned at least three times over two years that the company was storing unencrypted health, genetic and other personal information in publicly accessible places.
As part of a proposed settlement, 1Health will need to strengthen protections for genetic information and instruct third-party contract labs to destroy all consumer DNA samples older than 180 days.
Key Background
Many Americans have been skeptical of privacy with regards to increasingly popular mail-in DNA testing, which is used to learn about health concerns, genealogy and other factors. In a February poll by YouGov, more than half of respondents (53%) said privacy was “very much” or “somewhat” of a concern when it comes to private DNA testing companies. Americans have also expressed worry that law enforcement agencies will be able to access the DNA data of private companies, a fear that came to life with the arrest of the Golden State Killer in 2018. Police used GEDmatch, a free online database where anyone can share information from popular test kit sites like 23andMe and Ancestry.com, to arrest Joseph James DeAngelo. The YouGov poll showed 30% of Americans think police should be able to use DNA test information in all cases, 31% said only for violent crimes, and 23% said not at all.
Ancestry
Alternatives: 22 million. That’s how many people Ancestry, the largest consumer genetic testing company, claims have used its testing kits around the globe.
Further Reading
Ancestry Expands DNA Testing To 54 New Markets (Forbes)
How to Protect Your DNA Data Before and After Taking an at-Home Test (New York Times)
How DNA Companies Like Ancestry And 23andMe Are Using Your Genetic Data (Forbes)
Source: https://www.forbes.com/sites/maryroeloffs/2023/06/16/dna-testing-startup-lied-to-customers-about-deleting-their-data-ftc-alleges/