23andMe Is Screwed… What Happens To Customer Data?

It’s pretty clear based on this that 23andMe is screwed. But the part that should terrify any customer of this DNA testing service is what happens to that data when the company finally dies. That’s a real concern as according to this NPR report:

Anya Prince, a law professor at the University of Iowa’s College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist.

For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm.

“HIPAA does not protect data that’s held by direct-to-consumer companies like 23andMe,” she said.

Although DNA data has no federal safeguards, some states, like California and Florida, do give consumers rights over their genetic information.

“If customers are really worried, they could ask for their samples to be withdrawn from these databases under those laws,” said Prince.

That’s a bit troubling. Fortunately, there’s something that 23andMe customers can do about it. Close their account ASAP:

23andMe has a page with instructions on how users can request an account closure. But in your 23andMe account, navigate to Settings, scroll down to the 23andMe Data section at the bottom, and click View on the right. Enter your birthday and then scroll to the bottom of the next page and click Permanently Delete Data.

Once you submit your request, 23andMe will email you to confirm it. Doing so will prompt the company to discard a customer’s genetic testing samples and prevent the company from using their data for future research projects. It could take up to 30 days to go into effect, though.

There is a catch though:

Although customers can request the company to delete their data, 23andMe won’t necessarily erase all your information. The company has been telling users who request an account deletion: “23andMe and the contracted genotyping laboratory will retain your Genetic Information, date of birth, and sex as required for compliance with legal obligations, pursuant to the federal Clinical Laboratory Improvement Amendments of 1988 and California laboratory regulations.”

And that is going to be a worry for any 23andMe customer, especially since any bankruptcy proceeding or sale of the company likely would involve selling that data as part of the assets of the company. But at least requesting that your account be closed is something.

Bottom line: this is a cautionary tale that illustrates that these sorts of companies operate in a “grey area”, and that more regulation is required to govern how companies like this operate.
