Monday, September 3, 2018

"DNA Testing Companies Increase Lobbying as Privacy Concerns Mount"

From Sludge, August 28:

The increase in lobbying comes months after the arrest of the suspected Golden State Killer by using familial DNA data from a genealogy research site. 

It’s a scene from a dystopian novel: You’re curious about your ancestry so you purchase a genealogy kit online and submit a sample of your saliva to find out whether your grandmother was right about your family origins. A few weeks later you get your results. It makes for good fodder for the next family dinner. In exchange for quelling your curiosity, the company now has your DNA—the molecular composition that makes you, you. And unless you read the fine print, you likely have no idea that this information about what makes you unique is being sold to third-parties for medical research and who knows what else.

As the popularity of genetic and genealogy testing companies, such as Ancestry.com and 23andMe, skyrockets, and privacy concerns mount over how user data is secured, the companies are increasing their presence in Washington.

Ancestry.com, the largest for-profit genealogy company, hired a firm to lobby Congress and federal agencies on their behalf in January, after spending only $10,000 in 2017 on lobbying efforts. So far this year, the Utah-based company has increased their lobbying spending eightfold, spending $80,000 on a firm to lobby on “genetic privacy issues,” according to their Senate disclosure reports reviewed by Sludge.

Helix, another DNA testing site, also hired a lobbying firm for the first time in 2018, spending $40,000 so far this year to lobby on “genomic health, data privacy and security, and regulation of laboratory developed tests,” their lobbying disclosures states.

Golden State Killer Case Raises Privacy Concerns

The increase in lobbying comes months after the Sacramento County Sheriff’s Department arrested the suspected Golden State Killer—who killed at least a dozen people and committed more than 50 rapes during a 12-year spree beginning in 1974—by using data from a genealogy research site. 

More than four decades since the investigation began, police arrested 72-year old Joseph James DeAngelo in April after crime scene DNA was a partial match to DNA on GEDmatch, a geneology site. While DeAngelo’s genetic profile was not in the GEDMatch database, a distant relative’s was, narrowing down the suspected pool of possible serial killers to one family.

While law enforcement’s ingenious use of genealogy sites may have captured one of the most elusive serial killers, it surfaced questions about how genetic information is stored and who has access to users’ genetic data.

Unlike patients in clinical trials or in medical settings, there are no HIPAA-like regulations to protect consumers’ private health information on genetic and geneology testing websites. That means that users’ health data can be used or sold to third parties for medical research or to target certain individuals.

In June, Fast Company first reported that DNA testing companies, like 23andMe and Ancestry.com, were being investigated by the Federal Trade Commission over their policies for handling personal information and genetic data, as well as how that information was shared with third party vendors. 

A spokeswoman for the FTC declined to comment to Sludge, noting that the agency could not say whether it was investigating a company or not.

The data security issue was further bolstered after an Israeli-based genetic testing company learned of a security breach affecting 92 million people. In June, MyHeritage announced that it was victim to a security “breach” exposing email addresses and hashed passwords of roughly 92 million users. DNA data and family tree information were stored separately, the company said in a statement at the time....
...MUCH MORE