The DNA testing business has been booming for some time, Bloomberg says. In fact, Ancestry.com and 23andMe Inc. alone have sold more than 15 million DNA kits.
But, while more people are using these DNA tests, more problems are arising, especially with privacy. The issue took off in spring of 2018, when police gained access to genetic data from a genealogy website to nail down a suspect in the Golden State Killer case. More recently, consumer DNA-testing company FamilyTreeDNA enabled federal law enforcement to have access to the genetic information of millions of people.
“On a case-by-case basis, the company has agreed to test DNA samples for the FBI and upload profiles to its database, allowing law enforcement to see familial matches to crime-scene samples,” Bloomberg says. “FamilyTreeDNA said law enforcement may not freely browse genetic data but rather has access only to the same information any user might.”
While that might be the intent, genealogists are reporting a concern for users’ right to privacy. For example, reliance on genetics testing might lead law enforcement on a wild goose chase while chasing a suspect, and land them with the wrong person. “The real risk is not exposure of info but that an innocent person could be swept up in a criminal investigation because his or her cousin has taken a DNA test,’’ Debbie Kennett, a genealogist, told Bloomberg.
Similarly, people who opt to have their DNA tested put family members at risk, too. “That’s how police caught the alleged Golden State Killer,” Bloomberg says. “A study last year estimated that only 2 percent of the population needs to have done a DNA test for virtually everyone’s genetic information to be represented in that data.”
Similar to sensitive data that is stored in the Cloud or on a network – both secured and unsecured – there seems to be no such thing as “protected data;” people who take genetic tests give DNA companies their genetic data, and, depending on contracts that company has, give other entities – businesses, the government – that data, too. As a result, end users and decision makers alike should keep this case study in mind when considering how and where to store their data, and imparting privacy best practices to employees and customers.