DTC Genetic-Testing Giants Throw Their Weight Behind Privacy

For years, consumer and privacy advocates have railed against the potential for the direct-to-consumer (DTC) genetic testing to go horribly wrong. In what ways? Privacy violations, for one, along with the idea that companies could get rich off patient data, all while freely sharing our most personal information with law enforcement. But news this week suggests solutions for these problems could be on the way.

Future of Privacy Forum, a group that pushes for responsible data governance, yesterday released a set of best practices for the DTC genetic-testing industry, outlining eight key areas and a war chest of possible fixes. What’s more important, however, is the industry buy-in attached to the privacy guidelines: 23andMe, Ancestry, Helix, MyHeritage and Habit all signed on to the document.

>> READ: The Complicated Ethics of Gene Editing

“As the industry continues to expand and the technology becomes more accessible, it is vital that the industry acknowledges and addresses the risks posed to individual privacy when genetic data is generated in the consumer context,” Future of Privacy Forum authors wrote in the 21-page PDF file.

Strong guidelines are necessary for DTC genetic testing because of the power of the data. Future of Privacy Forum noted that the information can identify disease risk, disclose details about a person’s family, contain insights whose significance is not yet fully grasped and more.

The best practices cover transparency, consent, accountability, security, privacy by design and consumer education, along with data access, integrity, retention and deletion. Recommendations range from providing clear privacy notices of a company’s practices and asking separately for consent to share with third-party organizations to enabling consumers to delete their data, including biological samples.

In no way, however, does the document serve as a call to disarm the growing genetic-testing industry, which is poised to reach $340 million in market value over the next several years. But as more startups enter the space, the privacy challenge will become even greater, as privacy advocates work to sign on newcomers.

“Given the potential benefits that consumer genetic and personal genomic testing can provide to consumers and society, it is important that this data is subject to privacy controls and used responsibly,” Future of Privacy Forum wrote.

Here are some takeaways from the list of best practices. DTC genetic-testing companies should:

• Clearly describe their data-management practices, with the exception of deidentified data
• Get express consent for data collection, spelling out how they’ll use the information
• Get separate consent for third-party data sharing
• Get informed consent for research
• Collect, use and share genetic data “in ways that are compatible with reasonable consumer expectations”
• Only share customer data with law enforcement that go through the proper legal channels — and notify customers when that takes place
• Allow consumers to access and delete their data
• Ensure accuracy and retention of data
• Tap an employee to oversee privacy enforcement and training
• Protect against data breaches and other attacks on consumer privacy
• Educate their customers

For more information on the best practices, click here.

Get the best insights in healthcare analytics directly to your inbox.

Related

Rise of the Mobile Health Study

Study Finds 40% False Positives in Direct-to-Consumer Genetic Tests

Handling the Headaches of At-Home Genetic Testing