How do direct-to-consumer genetic testing companies protect their customers’ privacy?

A person’s genetic data represent personal, private health information. If you are considering direct-to-consumer genetic testing, it is important to know how the testing company will protect your information. In particular, you should know how the company will handle your sample (for example, saliva), how it plans to safeguard your data, and whether and how your data will be used for secondary purposes (such as research or advertising).

Most direct-to-consumer genetic testing companies provide detailed information on their websites about their privacy and security practices. This information may be included in a “privacy policy,” “privacy statement,” or “privacy center.” Be sure to read, understand, and agree with this information before you start the testing process. If you have questions, contact the company to get more information.

Questions that can help you assess a company’s privacy practices include:

  • What does the company do with your sample once it has completed the analysis? Will the sample be stored, shared, sold, or destroyed?

  • Once you take the test, who owns your genetic data?

  • How does the company safeguard your genetic data and other personal information that you provide? Is it stored in a database that is protected from unauthorized access? What happens if the database is hacked or otherwise compromised?

  • Can you delete your results from the company’s database if you wish?

  • Does the company use your information for internal research, advertising, or other secondary purposes?

  • Will the company share your genetic data or sell it to pharmaceutical or biotechnology companies, academic institutions, or nonprofit organizations? If so, will the shared data include other information that could identify you (such as your name or date of birth)? For what purposes will your data be used? Will you be informed when your data are shared or sold?

  • If you do not want your genetic data shared, sold, or used for research, can you opt out? What happens if you agree to share your information but want to opt out later?

  • Will you be notified in the future if the company changes its privacy policies?

  • What would happen to your sample and your genetic information if the company is sold or goes out of business?

In some cases, even if a testing service promises not to share your genetic information with others, they may be required by law to disclose the information to authorities in response to a warrant, court order, or other legal requirement. Many companies now provide explicit information about whether and how your genetic data may be accessed by law enforcement officials. If you upload your data to public databases, such as those administered by some third-party interpretation services, that information will be available to law enforcement. Be sure to read and understand how your data may be accessed by authorities before you submit your sample. Because everyone shares genetic similarities with their relatives, it may have implications not only for your own privacy but for that of people who are related to you.

Scientific journal articles for further reading

Berkman BE, Miller WK, Grady C. Is It Ethical to Use Genealogy Data to Solve Crimes? Ann Intern Med. 2018 May 29. doi: 10.7326/M18-1348. [Epub ahead of print] PubMed: 29809242.

Ram N, Guerrini CJ, McGuire AL. Genealogy databases and the future of criminal investigation. Science. 2018 Jun 8;360(6393):1078-1079. doi:10.1126/science.aau1083. PubMed: 29880677.

Shen H, Ma J. Privacy Challenges of Genomic Big Data. Adv Exp Med Biol. 2017;1028:139-148. doi: 10.1007/978-981-10-6041-0_8. Review. PubMed: 29058220.