How do direct-to-consumer genetic testing companies protect their customers’ privacy?

A person’s genetic data represent personal, private health information. If you are considering direct-to-consumer genetic testing, it is important to know how the testing company will protect your information. In particular, you should know how the company will handle your sample (for example, saliva), how it plans to safeguard your data, and whether and how your data will be used for secondary purposes (such as research or advertising).

Most direct-to-consumer genetic testing companies provide detailed information on their websites about their privacy and security practices. This information may be included in a “privacy policy,” “privacy statement,” or “privacy center.” Be sure to read, understand, and agree with this information before you start the testing process. If you have questions, contact the company to get more information.

Questions that can help you assess a company’s privacy practices include:

  • What does the company do with your sample once it has completed the analysis? Will the sample be stored, shared, sold, or destroyed?

  • Once you take the test, who owns your genetic data?

  • How does the company safeguard your genetic data and other personal information that you provide? Is it stored in a database that is protected from unauthorized access? What happens if the database is hacked or otherwise compromised?

  • Can you delete your results from the company’s database if you wish?

  • Does the company use your information for internal research, advertising, or other secondary purposes?

  • Will the company share your genetic data or sell it to pharmaceutical or biotechnology companies, academic institutions, or nonprofit organizations? If so, will the shared data include other information that could identify you (such as your name or date of birth)? For what purposes will your data be used? Will you be informed when your data are shared or sold?

  • If you do not want your genetic data shared, sold, or used for research, can you opt out? What happens if you agree to share your information but want to opt out later?

  • Will you be notified in the future if the company changes its privacy policies?

  • What would happen to your sample and your genetic information if the company is sold or goes out of business?

It is important to remember that your DNA is unique and specific to you. Current technology makes it possible to link a sequence of DNA to a particular individual (“de-anonymize” a DNA sample). So if you agree to allow a company to use or share your DNA sequence, even if they don’t include your name or other easily identifying information, your genetic information may not remain anonymous and your privacy could be at risk.