Consumer Alert
Keep people’s sensitive DNA information private
Image
You’ve probably heard about genetic testing services, where a company examines your DNA, often from a saliva sample and sends you a report about your family background or your likelihood for developing certain health conditions. It might sound great, but can you trust a company when it promises to keep your sensitive DNA data private?
Vitagene, a San Francisco-based DNA testing company, promised consumers that it exceeded industry-standard security practices for maintaining the privacy of people’s sensitive health and genetic information. But the FTC says the company didn’t keep that promise. In fact, the FTC says Vitagene used a well-known cloud service provider to store people’s confidential information but didn’t use built-in cloud security measures. That made it possible for anyone with internet access to see the detailed health reports of nearly 2,400 consumers and raw genetic data of at least 227 others. To settle the case, the company will implement a comprehensive security program verified by a third party approved by the FTC.
If you’re considering using a DNA testing service, here are some things to consider.
- Know that your DNA data is sensitive because it’s about who you are. In fact, it’s so sensitive there’s a law to protect you from discrimination based on genetic information when you’re trying to get work or health insurance. But that law doesn’t apply if you’re trying to get disability or long-term care insurance.
- Do some research. Read and understand the company’s “terms of use” before you buy. Who will have access to your data? How will the company protect your privacy and keep your genetic information safe?
It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.
Thank you, for the information!
In reply to Thank you, for the… by Ana Otoupalik
Thank You for the information
I frequently receive calls from individuals claiming to be from MEDICARE who say they want to send me a DNA test kit that I can mail to my health provider or to them. I continue to refuse. Is this legitimate:? Thanks
In reply to I frequently receive calls… by Mark Walker
It is not legitimate. Definitely continue to refuse - better yet, don’t answer those calls, and report previous ones to the FTC.
See this article for more details: https://oig.hhs.gov/fraud/consumer-alerts/fraud-alert-genetic-testing-s….
In reply to I frequently receive calls… by Mark Walker
You could call Medicare back, on their 800 number, and ask if they are sending people DNA test kits. See what they tell you.
Thank you for this advice! Do you have any suggestions on how a consumer can verify a company's integrity? e.g., ways to spot a fraud? Much appreciated.
In reply to Thank you for this advice! … by Lawrence Marquit
I have this question too. Thanks!
So what recourse can consumers take?
In reply to So what recourse can… by Wafa Rizk Lt C…
How do we know? Can we have ease of mind as consumers!! Are all of these business practicing this policy? What is the FTC doing to make sure these companies are complying with said law?? In respect to out genetic information?
What danger is there in sharing DNA data? I don't understand the threat of having it public, isn't this just another blown out of proportion fear?
In reply to What danger is there in… by Dan E Funkhouser
Fraud is a big one. Too much info for those who target people for evil doing. Being sold for money to insurance companies who could use it to increase your policy cost.
In reply to What danger is there in… by Dan E Funkhouser
No, certain disease's or having the propensity for developing certain diseases can wreck havoc on you and your financial and family life. My stepson and his mother both had Huntington's Chorea (always fatal) and when she tested positive the whole family lost their life insurance, just cancelled by the insurance company. My husband and I had to fight for a long time to prove we weren't "blood related" that was his ex-wife's disease not his or mine. In order to get our insurance re-instated.
I guess this comes kind of late for me since I had a DNA analysis but at least I know my ethnicity on my father's side now.
Good info!
Thank you! I have forewarned my adult children but they phoo phoo'd me. Thanks again!!
Thank you. This was helpful!
Thank you for the years of service to me through my email subscription to your articles. I can truly say you are the only government entity that I trust and get real help.
Thank you.
Since so many evil people exist any licensed business should automatically never be allowed to use your info for any purpose than what a person gives access for their original use and then either stored in a secured entity or erased from memory. Greed causes breeches and needs to be stopped.
Does this apply to those that did jail time for a charge that was dismissed with prejudice. We were forced to give our dna.
I should be the industry standard that no company should collect and store my genetic information regardless of whether or not I give them permission so that I can see whether or not I have a little Mongolian in me I would assume that most of DNA for Homo sapiens would be kind of the same so the specific individual information that would be private and privileged would be about the actual individual I should be an industry standard it's uploaded by the client not stored by the company and certain parts of it should be blanked out for privacy reasons they don't actually need 100% of your genetic code in order to answer some family tree questions and they don't need any sort of paperwork giving them permission to hold on to those things for any longer now I understand Big Data dumps and things like that but no you're not going to collect genetic records of a bunch of people and then just keep them around and definitely and farewell they don't actually belong to the individuals anymore they belong to me because I know when I was doing the DNA testing so I don't really need the individuals permission in order to share the genetic material that I now own and I'm pretty sure the individualized no idea that I be keeping it for extended periods of time just such as United States intelligence services purchasing information about United States citizens from private corporations I'm going to turn the bash in the intelligence agent she's going to get their info from somewhere but it's the United States government is purchasing information about US citizens from us companies and although it's not foot Page News it was not hidden and that's not good. most people don't feel that there doing wrong or illegal
I bought Long Term Care insurance over 16 years ago and have taken a DNA test for Ancestry. Does this concern apply to me?
It happens to me too. They store it some where in thier lab did are lairs scams