{"id":13874,"date":"2018-11-20T08:10:13","date_gmt":"2018-11-20T16:10:13","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/11\/20\/news-7641\/"},"modified":"2018-11-20T08:10:13","modified_gmt":"2018-11-20T16:10:13","slug":"news-7641","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/11\/20\/news-7641\/","title":{"rendered":"What DNA testing kit companies are really doing with your data"},"content":{"rendered":"

Credit to Author: Wendy Zamora| Date: Tue, 20 Nov 2018 15:00:00 +0000<\/strong><\/p>\n

Sarah* hovered over the mailbox, envelope in hand. She knew as soon as she mailed off her DNA sample, there\u2019d be no turning back. She ran through the information she looked up on 23andMe\u2019s website one more time: the privacy policy, the research parameters, the option to learn about potential health risks, the warning that the findings could have a dramatic impact on her life.<\/p>\n

She paused, instinctively retracting her arm from the mailbox opening. Would she live to regret this choice? What could she learn about her family, herself that she may not want to know? How safe did she really feel giving her genetic information away to be studied, shared with others, or even experimented with?<\/p>\n

Thinking back to her sign-up experience, Sarah suddenly worried about the massive amount of personally identifiable information she already handed over to the company. With a background in IT, she knew what a juicy target hers and other customers\u2019 data would be for a potential hacker. Realistically, how safe was her data from a potential breach? She tried to recall the specifics of the EULA, but the wall of legalese text melted before her memory.<\/p>\n

Pivoting on her heel, Sarah began to turn away from the mailbox when she remembered just why she wanted to sign up for genetic testing in the first place. She was compelled to learn about her own health history after finding out she had a rare genetic disorder,Ehlers-Danlos syndrome, and wanted to present her DNA for the purpose of further research. In addition, she was on a mission to find her mother\u2019s father. She had a vague idea of who he was, but no clue how to track him down, and believed DNA testing could lead her in the right direction.<\/p>\n

Sarah closed her eyes and pictured her mother\u2019s face when she told her she found her dad. With renewed conviction, she dropped the envelope in the mailbox. It was done.<\/p>\n

*Not her real name. Subject asked that her name be changed to protect her anonymity.<\/em><\/p>\n

An informed decision<\/h3>\n

What if Sarah were you? Would you be inclined to test your DNA to find out about your heritage, your potential health risks, or discover long lost family members? Would you want to submit a sample of genetic material for the purpose of testing and research? Would you care to have a trove of personal data stored in a large database alongside millions of other customers? And would you worry about what could be done with that data and genetic sample, both legally and illegally?<\/p>\n

Perhaps your curiosity is powerful enough to sign up without thinking through the consequences. But this would be a dire mistake. Sarah spent a long time weighing the pros and cons of her situation, and ultimately made an informed decision about what to do with her data. But even she was missing parts of the puzzle before taking the plunge. DNA testing is so commonplace now that we\u2019re blindly participating without truly understanding the implications.<\/p>\n

And there are many. From privacy concerns to law enforcement controversies to life insurance accessibility to employment discrimination, red flags abound. And yet, this fledgling industry shows no signs of stopping. As of 2017, an estimated 12 million people<\/a> have had their DNA analyzed through at-home genealogy tests. Want to venture a guess at how many of those read through the 21-page privacy policy<\/a> to understand exactly how their data is being used, shared, and protected?<\/p>\n

Nowadays, security and privacy cannot be assumed. Between hacks of major social media companies and underhanded sharing of data with third parties, there are ways that companies are both negligent of the dangers of storing data without following best security practices and complicit in the dissemination of data to those willing to pay\u2014whether that\u2019s in the name of research or not.<\/p>\n

So I decided to dig into exactly what these at-home DNA testing kit companies are doing to protect their customers\u2019 most precious data, since you can\u2019t get much more personally identifiable than a DNA sample. How seriously are these organizations taking the security of their data? What is being done to secure these massive databases of DNA and other PII? How transparent are these companies with their customers about what\u2019s being done with their data?<\/p>\n

There\u2019s a lot to unpack with commercial DNA testing\u2014often pages and pages of documents to sift through regarding privacy, security, and design. It can be mind-numbingly difficult to process, which is why so many customers just breeze through agreements and click \u201cOkay\u201d without really thinking about what they\u2019re purchasing.<\/p>\n

But this isn\u2019t some app on your phone or software on your computer. It\u2019s data that could be potentially life-changing. Data that, if misinterpreted, could send people into an emotional tailspin, or worse, a false sense of security. And it\u2019s data that, in the wrong hands, could be used for devastating purposes.<\/p>\n

In an effort to better educate users about the pros and cons of participating in at-home DNA testing, I\u2019m going to peel back the layers so customers can see for themselves, as clearly as possible, the areas of concern, as well as the benefits of using this technology. That way, users can make informed choices about their DNA and related data, information that we believe should not be taken or given away lightly.<\/p>\n

That way, when it\u2019s your turn to stand in front of the mailbox, you won\u2019t be second-guessing your decision.<\/p>\n

Area of concern: life insurance<\/h3>\n

Only a few years ago in the United States, health insurance companies could deny applicants coverage based on pre-existing conditions. While this is thankfully no longer the case, life insurance companies can be more selective about who they cover and how much they charge.<\/p>\n

According to the American Counsel for Life Insurers (ACLI), a life insurance company may ask an applicant for any relevant information about his health\u2014and that includes the results of a genetic test, if one was taken. Any indication of health risk could factor into the price tag of coverage here in the United States.<\/p>\n

Of course, there\u2019s nothing that forces an individual to disclose that information when applying for life insurance. But the industry relies on honest communication from its customers in order to effectively price policies.<\/p>\n

\u201cThe basis of sound underwriting has always been the sharing of information between the applicant and the insurer\u2014and that remains today,\u201d said Dr. Robert Gleeson, consultant for the ACLI. \u201cIt only makes sense for companies to know what the applicant knows. There must be a level playing field.\u201d<\/p>\n

The ACLI believes that the introduction of genetic testing can actually help life insurers better determine risk classification, enabling them to offer overall lower premiums for consumers. However, the fact remains: If a patience receives a diagnosis or if genetic testing reveals a high risk for a particular disease, their insurance premiums go up.<\/p>\n

In Australia<\/a>, any genetic results deemed a health risk can result in not only increased premiums but denial of coverage altogether. And if you thought Australians could get away with a little white lie of omission when applying for life insurance, they are bound by law to disclose any known genetic test results, including those from at-home DNA testing kits.<\/p>\n

Area of concern: employment<\/h3>\n

Going back as far as 1964 to Title VII<\/a> of the Civil Rights Act, employers cannot discriminate based on race, color, religion, sex, or nationality. Workers with disabilities or other health conditions are protected by the Americans with Disabilities Act, the Rehab Act, and the Family and Medical Leave Act (FMLA).<\/p>\n

But these regulations only apply to employees or candidates with a demonstrated health condition or disability. What if genetic tests reveal the potential <\/em>for disability or health concern? For that, we have GINA.<\/p>\n

The Genetic Information Nondiscrimination Act<\/a> (GINA) prohibits the use of genetic information in making employment decisions.<\/p>\n

“Genetic information is protected under GINA, and cannot be considered unless it relates to a legitimate safety-sensitive job function,” said John Jernigan, People and Culture Operations Director at Malwarebytes.<\/p>\n

So that\u2019s what the law says. What happens in reality might be a different story. Unfortunately, it\u2019s popular practice for individuals to share their genetic results online, especially on social media. In fact, 23andMe has even sponsored celebrities unveiling and sharing their results. Surely no one will see videos of stars like Mayim Bialik sharing their 23andMe results live and follow suit.<\/p>\n