DNA Testing Kits
DNA testing kits like 23andMe, AncestryDNA and FamilyTreeDNA have been purchased and used by many to discover more information about ancestors and their heritage.
Consumers purchase kits from various brands as gifts for friends and family as well as buying such kits out of genuine curiosity.
DNA test kits are able to open doors to the past and allow people to connect with their genealogy in a whole new way.
All in all, such DNA test kits services are in high-demand these days, but an even higher demand exists for the data within the kit.
Let’s take a look at what happens to your DNA after receiving your results.
How DNA Testing Kits Work
To begin, the basics of a DNA test kit are pretty straight forward. Across the board, to receive your genealogy analysis, three main steps need to happen.
One, order your desired kit. Two, simply spit in the provided tube and register it. Third, send your sample back to the company and wait for the analysis results to come back.
Overall, it is a pretty simple process. But the main question here is, what happens to your DNA after it has been analyzed?
What are the privacy concerns with a DNA testing kit?
As the concern with protecting privacy grows, many think that just worrying about smartphone data or a webcam is where it ends. That assumption may not be the case.
In recent news, horror stories are popping up on the internet about what happens to your DNA sample after your results come in. Such concerns include selling the information to third parties, giving law enforcement access and granting privileges to law enforcement.
However, this is not technically the case.
Who can access my DNA analysis results?
-
Third Parties
-
Law Enforcement
-
Research Laboratories
-
Malicious Users
Third Parties and Research
First and foremost, just by taking the test, you are not automatically giving consent to the DNA testing company to do what they want with you genetic analysis.
The option to explicitly give your consent for research is available. If you opt not to, your information will be safe from further use. But, you may receive many pestering emails to change your mind.
If you do decide to allow the company to use your information for research, many of the services also allow you to opt out during, if you change your mind later.
Although, a catch does exist to the choice to opt out. Any information that was currently in use or already used will remain with (for example) a research lab.
Some customers may view this as an opportunity to help advance research and help people. Which is a positive way to look at this scenario. But, it is okay to be skeptical of this situation as well.
Beyond the concern of selling genetic information, two other topics of privacy concern should be something to consider.
Law Enforcement
Researchers found that several DNA testing sites were also allowing law enforcement to access their databases.
For example, Family Tree DNA voluntarily “gave the FBI routine access to its database of more than 1 million users’ data. This allowed agents to test DNA samples from crime scenes against customers’ genetic information to look for family matches.”
The site later apologized to its users. This was followed by a statement from the company informing its customers on how to remove the “matching” option from their information to avoid this type of situation.
Security Breach
Finally, the main privacy concern that comes to mind when any type of personal information is stored is a data or security breach.
As a customer of a DNA testing kit company, you are voluntarily handing over your DNA to a company in hopes that it is properly secured.
Attackers see these companies as great targets due to all of the information you as the customer have to give in order to have your DNA analyzed.
If a malicious user has the capability to gain access to said systems, this presents a major security breach that could majorly impact the millions of people using the DNA testing kits.
HIPAA
According to axios.com, “commercial DNA-testing services aren’t specifically covered by federal privacy rules, such as HIPAA, because they aren’t health providers or insurers.”
I found this interesting due to the fact that one may just assume that because seemingly medical information and research is being conducted, the privacy standards would be the same of the medical field.
The standards are not the same, however. This leaves more wiggle room for lose regulations and security policies regarding data security.
Take-Away
Like anything, the risk for a possible security and or privacy concern exists. The main idea here is that you should consider your options, and make an educated decision.
Especially when it deals with your DNA and other personal information.
So, will you be testing your DNA anytime soon? Have you already? Tweet Us! @cyberprotectgrp
By Taylor Ritchey