The direct-to-consumer genetic test market means you can spit in a tube, send it off to a lab, and get results that shed light on your heritage or potential health risks.
But what happens to your data when you do that? Does an ancestry test or genetic analysis raise privacy concerns? Here’s what you need to know.
How Does an At-Home Genetic Test Work?
Testing yourself at home starts by collecting a sample, which is usually a small amount of saliva. However, some companies have customers take cheek swabs. Blood samples are also options but much less common.
Each company walks you through the process and provides approximate timeframes. For example, it takes three to five days to receive the 23andMe testing kit after ordering it from the website. You can get it faster by choosing express shipping.
The company provides a prepaid envelope for sending your sample back. However, before dropping it in a mailbox, it requires using a unique barcode to link the saliva to you. You’ll get an email in three to four weeks, prompting you to log into an online account containing your test results.
Some sites, including 23andMe, provide raw data with customers’ results. You can plug it into third-party online tools to gain further insights.
What they contain varies depending on what a company offers and how much you pay. For example, Ancestry.com offers tests that determine your family tree’s origins and where your relatives moved over time. It can also help find living relatives. The company’s expanded option assesses several dozen personal traits and explains how genetics influence them.
Some such tests claim incredible specificity about the relevant world regions. For example, AncestryDNA tracks lineage from more than 700,000 areas when providing results. You can also get an ancestry test through 23andMe, but the company has a broader selection of health-related products.
One option tells customers if their genetic variations elevate their risk of certain illnesses. Alternatively, a carrier test looks for genetic evidence of issues that could affect your offspring but not yourself.
How Do Genetic Testing Companies Handle Your Data?
Data privacy is a topic of interest among people interested in purchasing home-based genetic tests. Most have dedicated webpages and FAQ sections specifying their information-handling practices. Learning the answers to some pertinent questions will help you decide whether to do business with a certain enterprise.
For example, vetting a company’s data privacy practices may include checking:
- Whether the company anonymizes the data.
- How the business stores your information.
- What safeguards occur to stop misuse.
- If the organization uses your information for secondary purposes.
- What happens to your details if the company ceases operations.
- Who owns your genetic data.
- If you can opt-out of having info used for research.
- If the company deletes your information upon request.
In the case of a test company called Gene Planet, the company indicates that customers can choose how the business treats the information and what it retains. When evaluating any at-home testing company, look at the website’s footer for a privacy policy or the entire data protection-related section.
What Are the Risks of At-Home Tests?
If a company follows data protection best practices, the likelihood of associated problems is reduced. However, possible threats still exist.
Researchers Find Security Risks From Self-Uploaded Material
Many leading genetic testing companies do not allow users to upload their data to a system. However, research shows that smaller entities might, putting privacy at risk. A team uncovered several ways that other parties could learn about people’s genotypes without permission through customer-uploaded details.
One positive aspect was that the researchers examined the problem in theoretical terms without identifying real-life issues. Even so, their work shows that weaknesses could exist, giving hackers greater access to sensitive details.
Family Members May Spread Genetic Data Surprises
The medical industry follows strict rules, and federal legislation helps protect people from general adverse medical outcomes.
For instance, the government encourages individuals to come forward with information regarding medical and pharmaceutical malpractice according to the FCA. Also, the US Genetic Information Nondiscrimination Act (GINA) prohibits insurer or workplace-related discrimination due to test results.
Even so, your analysis may have details you don’t immediately want disclosed to friends or family members.
The internet features plenty of accounts of people who learned about their adoptions or that they’d never met their biological fathers after getting ancestry tests back. One study showed that 27 percent of respondents learned of previously unknown close relatives this way.
You may also learn unsettling health information, such as that you’re at a greater risk for a particular cancer.
That’s why many recommendations suggest accessing your genetic data privately and only sharing it with others after digesting it yourself.
Relatedly, it’s a good idea to choose a strong password for a site’s genetic data portal so people you live with or know won’t successfully snoop if the temptation arises.
Data Breach Risks Exist
Companies offering genetic and ancestry tests could also experience data breaches. One instance occurred in 2019 at a startup called Veritas Genetics. The company remained vague about the issue’s extent. A representative confirmed data access involving an unauthorized party but did not confirm precisely when it happened.
However, they specified the compromised information included customer data but not their health details.
In another case, Vitagene mistakenly publicized more than 3,000 customers’ birthdays, genetic health details, and full names. That blunder happened due to cloud storage errors the company made. It addressed the problem after learning of it, but the issue shows how mistakes could risk consumer privacy.
Third-Party Agreements Increase Potential Data Access
Situations also arise where a genetic company may share your data with others. In one example, 23andMe engaged in a four-year collaboration with drugmaker GlaxoSmithKline. Representatives from the pharmaceutical company wanted to use the genetic data to make its products more effective and improve recruitment for clinical trials, among other plans.
23andMe only provided the data after getting customer consent. However, when people sign up for new services, they often agree to things without reading the fine print.
Even if a person becomes aware of such data-sharing and agrees to it, they must also trust a second company to keep the information safe.
Protect Yourself Before Purchasing a Genetic Test
You probably freely give data to companies daily without a second thought and may have no issues with entrusting one with your genetic information. The smartest thing to do before buying a test or offering details to providers is to research how the specific entity deals with your info. Resist the urge to click “I accept” before verifying the specifics.
Additionally, find out whether you can opt in or out as desired. Maybe you’ll initially feel OK with a company giving your data to a third party but feel wary later. Knowing about a business’s security procedures will help you make a well-informed and confident choice.